PRIVACY POLICY
Privacy Policy version 1.0 is effective from September 1, 2024.
§ 1 GENERAL INFORMATION
The privacy policy of the Internet Store does not constitute a source of obligations for the Visitor (including Guest) and the Client of the Internet Store. It is informational and not a contract or regulation.
All expressions and words written with a capital letter (e.g., Internet Store, Client, etc.) should be understood in accordance with the content of the Internet Store Regulations.
In case of any discrepancies between this Privacy Policy and consents for the processing of personal data provided by a natural person, the legal basis for determining the scope of the Administrator's actions is the voluntarily expressed consents or applicable law that applies to the given factual situation.
§ 2 DATA CONTROLLER
The controller of your personal data is KLOO Sp. z o.o., based in Warsaw, at ul. Rozbrat 32/2, 00-429 Warsaw, registered in the District Court for the capital city of Warsaw, XII Commercial Division of the National Court Register under number KRS: 0001000004, NIP: 7011112491, REGON: 52353487000000, with a share capital of 200,000.00 PLN (hereinafter referred to as: the Administrator).
For all matters related to personal data protection, we encourage you to contact the above address or via email: hello@kloo.pl.
You can also send a request to the above address for information on what personal data we hold about you and for what purposes we process it.
The Administrator informs that correspondence is stored for statistical purposes and to improve the support system concerning GDPR and for resolving complaints and taking decisions based on reported possible administrative interventions in the specified Client Account. The addresses and data collected in this way will not be used for communication other than the realization of the report, in particular, they will not be used for marketing purposes and transferred to third parties.
In case of contact with the Administrator to perform specific actions (e.g., filing a complaint, returning goods), the Administrator may ask the person again to provide data, including personal data, such as name, address, email address, to confirm their identity and enable a return contact in the given matter and perform the requested action. Providing this data is not obligatory but may be necessary to perform the action or obtain information that the person is interested in.
If you have given additional consent for us to use cookies, the controllers of the data obtained based on your online activity may also include our trusted partners.
§ 3 DATA ACQUISITION AND PURPOSE OF PROCESSING
We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR) and other currently applicable laws on personal data protection.
According to the content of the indicated legal acts, personal data is considered to be information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
We ensure that the data obtained from you is confidential, secure, and processed only when necessary. We process data lawfully, fairly, and transparently for the person concerned. We process only such data and only to the extent necessary due to a legitimate purpose, i.e., the reason for processing. Personal data is collected with due care and appropriately protected against unauthorized access. We apply appropriate and adequate security measures and technical knowledge to protect personal data against accidental loss and unauthorized access, use, alteration, or disclosure. Personal data is stored in a way that allows identification of the person concerned for no longer than necessary for the purposes for which the data is processed.
The Administrator acquires information about personal data in the following ways:
• by making a purchase in the Store (online store) by the Client;
• by registering a Client Account;
• through voluntary subscription to the newsletter service;
• through voluntarily provided information in an email message in the contact form;
• by submitting a complaint, request, inquiry, or other type of letter;
• through voluntarily provided information in an email message sent in connection with a desire to cooperate;
• by posting a review about the product or store;
• through cookies, pixels, or similar internet technologies.
We inform you that the purpose and scope of data processed by the Administrator result from the consent of the Visitor to the Website or Client or from legal provisions and, in selected cases, is specified as a result of actions taken by these individuals in the Online Store or within other communication channels.
Providing personal data by the Visitor or Client of the Internet Store is voluntary but necessary to use certain functionalities of the Internet Store (e.g., placing an Order and its settlement, registering a Client Account, or using contact forms).
Each time the required data for concluding the appropriate contract is indicated in advance in the Internet Store (we mark the data necessary for concluding a contract/using a specific functionality) within other communication channels with the Visitor or Client or in the Regulations. The consequence of not providing personal data may be the inability to effectively use the Website's functionalities, e.g., inability to place an order.
Your personal data is obtained by the Administrator for the following purpose:
| Purpose of Processing | Legal Basis | Legitimate Purpose, if any |
| Conducting statistics | Art. 6(1)(f) GDPR | Having information about the statistics of our activities, which allows us to improve our business operations. |
| Conducting marketing activities for our products and services without using electronic communication means. | Art. 6(1)(f) GDPR | Conducting marketing activities promoting our business. |
| Conducting marketing activities for our products and services using electronic communication means, including profiling. | Art. 6(1)(f) GDPR (however, these activities are carried out only based on the consent (Art. 6(1)(a) GDPR) | Conducting marketing activities promoting our business using email addresses. Presenting advertisements, adjusting discounts, and promotions. |
| Posting reviews in the Internet Store | Art. 6(1)(a) GDPR | Examining product satisfaction. |
| Handling requests sent using the contact form, email, complaints, or other requests. | Art. 6(1)(a) GDPR; Art. 6(1)(c) GDPR |
Responding to requests and inquiries sent using the contact form or in another form, including storing sensitive requests and provided answers to maintain the accountability principle. Handling requests, responding to consumer complaints. Pursuing claims, including from third parties, defending against them. |
| Managing the Client Account | Art. 6(1)(a) GDPR | Concluding and performing the Service Agreement (Account) or taking action at the request of a prospective Client before concluding it. |
| Concluding and performing the Sales Agreement | Art. 6(1)(b) GDPR | Concluding and performing the Sales Agreement or taking action at the request of a prospective Client before concluding it. |
| Archiving sales documents | Art. 6(1)(c) GDPR | Fulfilling legal obligations arising from, e.g., tax and accounting regulations, especially in the case of paid contracts. |
In the case of an adult Client or Visitor to the Website, with their additional consent, Personal Data may also be processed to present, create, grant, and implement advertisements, offers, or promotions (discounts) dedicated to that Client concerning the Administrator's and its partners' products or services to the highest possible degree tailored to their preferences (profiling) through automated decision-making that may result in legal consequences or similarly significantly affect them, e.g., through a short-term discount on a specific product they recently viewed in our Online Store (option unavailable to persons under the age of majority or those who are of age but have not consented to such action).
Newsletter. If you want to subscribe to our newsletter, you must provide us with your email address and name via the newsletter sign-up form. Providing data is voluntary but necessary to use the newsletter service. Subscription to the newsletter is also possible during the Client Account registration process. The data provided to us during newsletter subscription is used to send you the newsletter, informing you about company activities, current collections, promotions, and discounts. The legal basis for processing in this case is your voluntary consent given when signing up for the newsletter. Your data in this case is processed to send the newsletter periodically, and the legal basis for processing is Art. 6(1)(a) GDPR, i.e., your consent arising from the desire to receive the service. Data will be processed as long as the newsletter operates unless you opt out of receiving it earlier, which will permanently remove your data from the database. Additionally, you can correct your data stored in the newsletter database or request its removal by unsubscribing from the newsletter. You also have the right to data portability as outlined in Art. 20 GDPR. The newsletter database is appropriately secured by the Administrator. The newsletter database is managed by an external entity. The emails sent contain links to hidden images (so-called tracking pixels). In addition to its primary function of counting email opens, it also optionally serves to identify the Client and conduct marketing activities.
Email contact form. By contacting us via email or the contact form, you provide us with your email address as the sender's address. Additionally, the message may contain other personal data. Providing data is voluntary but necessary to establish contact with us.
Your data in this case is processed to communicate with you, and the legal basis for processing is Art. 6(1)(a) GDPR, i.e., your consent arising from the desire to contact us. The legal basis for processing after the conclusion of contact is a legitimate interest in the form of archiving correspondence for internal purposes (Art. 6(1)(c) GDPR).
The content of the correspondence may be archived, and we cannot definitively determine when it will be deleted; however, it will not be stored for longer than 5 years. You have the right to request the history of correspondence with us (if it has been archived) as well as to request its deletion, unless its archiving is justified due to our overriding interests.
Reviews. To add your review about a product, you must fill out the form sent to the email address provided when placing the Order.
Your data in this case is processed to enable the posting of a review, and the legal basis for processing is Art. 6(1)(a) GDPR, i.e., your consent arising from the desire to post your entry on our website. Data will be processed for the duration of the review on the website unless you request the removal of the review earlier, which will result in the deletion of your data related to the review from the database.
At any time, you can correct your data in the review and request its deletion. You also have the right to data portability as outlined in Art. 20 GDPR.
Client Account. When creating a Client Account on our Website, you provide us with your email address, first name, and last name. This is voluntary but necessary to successfully register a Client Account. You can then provide address data in the Client Panel.
Your data in this case is processed to manage the Client Account, and the legal basis for processing is Art. 6(1)(a) GDPR, i.e., your consent arising from the desire to create the account. Data will be processed as long as the Client Account exists unless you request its deletion earlier, which will result in the deletion of your data from the database.
At any time, you can correct your data assigned to the Client Account and request its deletion. You also have the right to data portability as outlined in Art. 20 GDPR. When creating a Client Account, you may – but are not required to – consent to subscribe to the newsletter service.
§ 4 CATEGORIES OF PERSONAL DATA
The data controller may process the following categories of personal data:
• Personal data provided in the registration form for a Client Account, placing Orders in the Internet Store, particularly: email address, first name, and last name;
• Personal data supplemented by the user when using the Client Account, particularly: first name and last name; email address; residential address [street, house number, apartment number, postal code, city, country], and in the case of Clients who are not consumers, additionally the company name and tax identification number [NIP];
• Personal data necessary to place an order, particularly: first name and last name; email address; contact phone number; residential address [street, house number, apartment number, postal code, city, country], and in the case of Clients who are not consumers, additionally the company name and tax identification number [NIP];
• Personal data provided for the purpose of using the newsletter, provided when using the contact form, posting reviews, and transmitted via email; or provided when filing complaints, complaints, or requests, particularly: first name and last name; email address; contact phone number; address [street, house number, apartment number, postal code, city, country], bank account number;
• Personal data provided for participation in contests/promotional activities: first name and last name; email address; contact phone number; residential address [street, house number, apartment number, postal code, city, country];
• Other data, particularly obtained based on the Client's activity on the Internet, including those obtained via the Internet Store or other communication channels with the Client, using cookies and similar technologies.
§ 5 RECIPIENTS OF PERSONAL DATA
Your personal data may be processed by our partners and subcontractors, i.e., entities whose services we use in processing data and providing services to you. To the best of our knowledge, all entities to whom we entrust the processing of personal data guarantee the application of appropriate security and protection measures required by law.
Your personal data may be transferred by the Administrator to:
• state authorities or other entities authorized under the law to fulfill our obligations;
• Partners of the Administrator may participate in the processing of personal data to a limited extent, particularly those who technically help efficiently operate the Internet Store (e.g., assist in sending email messages and, in the case of advertising activities, also in marketing campaigns), hosting or IT service providers, carriers or intermediaries in executing Order shipments, entities handling electronic payments or payment cards in the Internet Store, companies that service software, support the Administrator in marketing campaigns, as well as providers of legal and advisory services and external accounting;
• Additionally, we may share fully anonymized data (data that cannot identify you) with entities we cooperate with.
As part of marketing (advertising) activities, the Administrator uses the services of third parties who use cookies, pixels, or functions similar to cookies on the Internet Store. The catalog of these entities is specified in detail in § 8 of this Privacy Policy.
§ 6 ARCHIVING PERSONAL DATA
The Administrator will store your personal data only as long as it is necessary for the purposes specified in this Privacy Policy and/or to fulfill legal and regulatory requirements. After this period, the Administrator will securely delete your personal data.
We store data for the periods indicated below:
| Data Category | Storage Period |
| Data related to the sales procedure | 8 years |
| Data for marketing purposes | If processed based on consent – until it is withdrawn. If processed based on a legitimate interest – until an objection is raised. |
| Data provided using the contact form, email | For a period of 3 years to maintain accountability. |
| Data contained in reviews | If processed based on consent – until it is withdrawn. If processed based on a legitimate interest – until an objection is raised. |
| Personal data related to cookies and similar functions | Until these files are deleted using the site/browser/device settings (note that deleting the files is not always synonymous with deleting the Personal Data obtained through these files – in this case, personal data will be deleted until an objection is raised). |
| Data provided during complaint proceedings and other Client-related procedures | 6 years. |
| Other data category (except for data from cookies, which is covered in our Cookies Policy) | 5 years. |
In each case, personal data will also be stored when the law (e.g., accounting or tax laws) obliges the Administrator to process it; we will store personal data longer if the Client has any claims against the Administrator to pursue claims by the Administrator or to defend against third-party claims for the period of their statute of limitations specified by law, particularly the Civil Code.
Depending on the scope of personal data and the purposes of its processing, it may be stored for varying periods. In each case, the longer storage period for personal data prevails.
§ 7 RIGHTS, ACCESS, AND UPDATING OF PERSONAL DATA, COMPLAINTS
In accordance with Art. 15 GDPR, you have the right to obtain from the data controller information on whether your personal data is being processed.
If the Administrator processes your personal data, you have the right to:
• access your personal data;
• obtain information on the purposes of processing, categories of processed personal data, recipients or categories of recipients of this data, the planned period of storage of your data or the criteria for determining this period, the rights you are entitled to under GDPR, the right to lodge a complaint with the supervisory authority, the source of this data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of this data outside the European Union;
• obtain a copy of your personal data.
In addition, you can request the correction of personal data (Art. 16 GDPR), deletion of personal data (Art. 17 GDPR), object to the processing of personal data (Art. 21 GDPR), and if it is technically feasible, request the transfer of the provided personal data to another organization (Art. 20 GDPR).
In connection with the right to be forgotten, the Administrator will update or delete your data unless it has a legal obligation to retain it for business purposes or to comply with the law. In some cases, you have the right to request the restriction of the processing of personal data (Art. 18 GDPR). You can also contact the Administrator if you have concerns about how your personal data is collected, stored, or used.
The Administrator strives to process all requests related to the aforementioned operations on your personal data without delay but no later than within 30 days of receiving the request. Due to the complexity of the request, the Administrator has the right to consider your requests within a period exceeding 30 days, of which the User will be informed in advance.
The Administrator aims to resolve complaints ultimately, but if you are still dissatisfied with the response received, you can lodge a complaint with the supervisory authority responsible for data protection, the local data protection authority. In Poland, the supervisory authority under GDPR is the President of the Office for Personal Data Protection.
§ 8 AUTOMATED PROCESSING OF PERSONAL DATA, COOKIES POLICY
Our Website, like almost all other websites, uses cookies. The cookies policy applies to both Clients of the Internet Store and Visitors to the Internet Store, i.e., users who browse the Store's content but do not make purchases. The cookies policy is an integral part of this Privacy Policy. The content of the cookies policy can be found here. The Website also uses functionalities similar to cookies. Therefore, individual provisions of the cookies policy should also be appropriately applied to these technologies. Selected cookies process your personal data. The processing of personal data obtained from cookies or similar technologies on our Website is carried out to ensure the operation of the Website, adapt the Website to the preferences of the Visitor and Client, or for analytical purposes. Processing is based on our legitimate interest. The legal basis for processing personal data for advertising purposes will be your additional consent given by selecting and checking the checkbox during the process of expressing consent to cookies. When a Visitor uses the Internet Store, cookies are used to identify their browser or device - cookies collect various types of information that, as a rule, do not constitute personal data. However, some information, depending on its content and usage, may be associated with a specific person - linking certain behaviors to a specific Visitor or Client, e.g., by linking them with the data provided when registering an Account in the Internet Store or a specific email address - and thus be considered personal data. Regarding information collected by cookies that may be associated with a specific person, the provisions of the Internet Store's Privacy Policy relating to personal data, particularly regarding the rights of the data subject, apply. The Website uses profiling. Thanks to cookies used in the Internet Store, the Administrator can learn about the preferences of the Visitor/Client - e.g., by analyzing how often they visit the Internet Store and whether and what products they buy. Analysis of online behavior helps better understand the habits and expectations of Clients and Visitors and adapt to their needs and interests. Thanks to this technology, it is possible to present Visitors with advertisements tailored to their needs and interests and prepare better promotions and surprises for adult Visitors who agree to it.
§ 9 CHANGES TO THE PRIVACY POLICY
These Privacy Policy rules 1.0 are effective from September 1, 2024. The Administrator declares that they have the right to make changes to this document for important reasons, including:
• changes in the applicable laws, particularly regarding GDPR, telecommunications law, services provided electronically, and those regulating consumer rights, affecting the rights and obligations of the Administrator or the rights and obligations of the data subject;
• the development of functionalities or electronic services caused by the advancement of Internet technology, including the implementation of new IT, technological, or technical solutions on the Website affecting the scope of this Privacy Policy.
The Administrator commits to informing Users of any changes in advance, allowing them to familiarize themselves with the content of the modified document, e.g., by posting a consolidated text of the Privacy Policy on the main page of the Internet Service.
In the case of users using the newsletter function, if the Administrator makes significant changes to the content of the Privacy Policy, they will inform Users by email. If there are any objections to the changes to the Policy, the User has the right to stop using the newsletter by sending a request to unsubscribe from the newsletter or by requesting the deletion of their personal data.