NATURAL-SUPPLEMENTS.EU PRIVACY AND COOKIES POLICY

I. GENERAL INFORMATION

This document defines the privacy policy of the online store https://natural-supplements.eu (hereinafter referred to as the "Online Store"). Administrator of the Internet store data The Administrator of the Internet store data is Michał Andrys, conducting business under the name MANDER Michał Andrys with its registered office in Szczecin, 5 Koralowa Street, NIP 8522527288, REGON 320560790, e-mail: MANDER, tel: 801011876 / shop@natural-supplements.eu 606220039.

II. PERSONAL DATA

Personal data collected by the administrator are processed on the basis of. Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as "RODO"), applicable laws on the protection of personal data and the Act of July 18, 2002 on the provision of electronic services (Journal of Laws 2002 No. 144 item 1204 as amended).
(2) The Administrator collects information provided voluntarily by the Customers of the online store of the Internet Shop. However, it is a condition to provide certain personal data Providing certain personal data, however, is a condition for processing an order, the consequence of not providing such data will be the inability to order products in the store. ordering products in the store.
(3) The data controller processes the following personal data: first name, last name, e-mail address, company name, company identification number, address, telephone number and exceptionally date of birth. (4) The Administrator may store information about connection parameters, such as IP addresses, for technical purposes related to server administration and to collect general, statistical demographic information (e.g., region of connection, region of connection), as well as for security purposes.
(5) The Administrator makes special efforts to protect the privacy and information provided to it regarding the Online Store's Customers. The Controller uses the Administrator shall exercise due diligence in the selection and application of appropriate technical measures, including measures of a programmatic and organizational nature, which ensure the protection of the processed data, in particular secures the data against disclosure to unauthorized persons, disclosure, loss and destruction, unauthorized change, as well as against processing in violation of applicable legal provisions.
6 Personal data will be processed in accordance with the principles set forth in Article 5 (RODO).
Personal data will be:
(a) processed in a manner that is lawful, fair and transparent to the data subject ("lawfulness, fairness and transparency");
(b) collected for specified, clearly identified and legitimate purposes; and not processed in a manner incompatible with those purposes; further processed for archiving purposes in the public interest, for scientific or historical research, or for historical research or statistical purposes shall not be considered as purposes under Article 89(1) of the RODO as incompatible with the original purposes ("purpose limitation");
(c) proportionate, adequate and limited to what is necessary for the purposes for which they are processed ("data minimization");
(d) accurate and updated as necessary ("accuracy");
(e) kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which they are processed; personal data may be kept longer, provided that they are processed exclusively for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the RODO, provided that appropriate technical and organizational measures under this Regulation are implemented where necessary to protect the rights and freedoms of natural persons to whom the data relate ("retention limitation");
(f) processed in a manner that ensures adequate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, through appropriate technical or organizational measures ("integrity and confidentiality"). In connection with the Administrator's use of tools to support its day-to-day operations, such as those provided by Google, customers' personal data may be transferred to a country transferred to a country outside the European Economic Area, in particular to the United States of America (USA) or to another country in which a cooperating entity maintains personal data processing tools in cooperation with the Administrator.

III. LEGAL GROUNDS

(1) The basis for the processing of the Customer's personal data is, in particular, the need to perform a contract to which the Customer is a party or the need to take action at the Customer's request prior to the request in order to take action prior to the conclusion of the contract (Article 6(1)(b) RODO).
(2) On the basis of a separate consent given pursuant to Article 6(1)(a) of the RODO, data may also be processed for the purpose of sending commercial information by e-mail or telephone calls for direct marketing purposes.
(3) For other purposes, the customer's personal data may be processed on the basis of:
(a) applicable law - if the processing is necessary for. the fulfillment of a legal obligation incumbent on the Administrator, e.g. if, based on the Administrator's tax or accounting regulations, the Controller settles concluded sales contracts (Article 6(1)(c) RODO);
(b) the need for purposes other than those mentioned above, arising from the legitimate interests pursued by the Controller or third parties, in particular to establish, assert or defend
claims, correspondence with customers, including through contact forms (including responses to customer messages), market analysis and customer statistics), market analysis and statistics (Article 6(1)(f) RIPA).
(4) Personal data processed for the purpose of making purchases will be processed for the period necessary to process purchases and orders, after which data subject to archiving will be kept for a reasonable period of the statute of limitations for claims. Personal data processed for marketing purposes covered by the statement of consent will be processed until consent is withdrawn.

IV. RECIPIENTS OF PERSONAL DATA

(1) Recipients of the Customer's data may be entities that execute the order on behalf of the Seller and process it: transport companies, accounting companies, suppliers of goods, suppliers of IT solutions, companies that process payment services, banks, companies that provide marketing services, companies that provide warehouse services suppliers, telecommunication service providers, law firms, authorized public administration bodies.
(2) We provide personal data to our verified partners only for the purpose and to the extent necessary to perform the contract with you (fulfillment of orders, use of discounts and promotions, participation in loyalty programs), as well as to fulfill tax obligations.

(3) The Administrator informs Users that it entrusts the processing of personal data to the following entities:
Trustisto Sp. z o.o., Al. Jerozolimskie 181B, 02-222 Warsaw, NIP 7011075703 for the purposes of: analysis and segmentation in CRM, use of the e-mail sending system, marketing only and exclusively for the needs of e-mail campaigns launched or indicated by the Administrator using the Trustisto system.
The Administrator informs that it uses the following technologies to track actions taken by the user within the Store's website: tracking codes - to analyze the statistics of the Store's website, as well as for marketing purposes for e-mail, SMS, push or internet campaigns launched or indicated by the Administrator using the Trustisto system.

V. USER'S DATA PROTECTION RIGHTS

(1) Due to the voluntary nature of providing your personal data, you have the following rights:
(a)The right to access your personal data (Article 15 of the Personal Data Protection Law)
(b) to request the rectification of your personal data (Article 16 of the GDPR)
(c) to have your personal data erased ("right to be forgotten" - Art. 17 GDPR)
(d) to restrict the processing of your personal data (Art. 18 GDPR).
(e) to transfer your personal data (Art. 20 RODO)
(f) to object - Art. 21 RODO).
2. if you believe that the processing of your personal data violates the provisions of RODO, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.
3. you may withdraw your consent to the processing of your personal data at any time. Withdrawal of consent to data processing does not affect the lawfulness of data processing carried out by the controller on the basis of consent before its withdrawal.

VI. VIOLATION OF PERSONAL DATA PROTECTION

In the event of a violation of personal data protection, the Administrator shall without undue delay, no later than 72 hours after the discovery of the violation - report the violation to the supervisory authority - (President of the Office for Personal Data Protection). to the supervisory authority - (President of the Office for Personal Data Protection), if the violation is unlikely to result in a risk of violation of the rights or freedoms of individuals. In the case of a notification made to the supervisory authority after 72 hours, the data controller shall provide an explanation of the reasons for the delay. If a personal data breach is likely to cause a high risk of infringement of the rights or freedoms of individuals, the controller shall notify the data subject of such breach without undue delay.

VII. COOKIE POLICY

1 The Seller uses cookies.
2 Cookies are IT data, mainly text files, which are stored on the Users' devices and intended for the use of the Website. stored on Users' devices and intended for use on the Website. 3 Cookies are stored on Users' devices and intended for use on the Website.
3 Cookies used by the Administrator shall be safe for Users' Devices. Users' Devices. In particular, it is not possible for viruses or other unwanted data to enter User Devices. User Devices shall not be infected with viruses or other unwanted software or malware. Malware. These cookies allow us to identify the software used by the User and configure the Services individually for each User. Cookies usually contain the name of the domain from which they originate, the time they are stored on the device and the value assigned to them.
(4) With regard to the purpose of collection, we distinguish the following cookies :
a) Necessary: necessary for the proper functioning of the website - files processed on the basis of the legitimate interest of the administrator (Article 6.1.f RODO);
(b) Statistical: allow us to study website traffic, learn about our users' preferences, analyze their behavior on the website and allow us to interact with external networks and platforms - files processed on the basis of the user's voluntary consent (Article 6.1.a RODO);
(c) marketing: they allow us to tailor the advertisements and content displayed to our users' preferences and to conduct personalized marketing campaigns - files processed on the basis of the user's voluntary consent (Article 6(1)(a) RODO).
(5) Cookies may be used by advertising networks, in particular. Google, in order to serve advertisements tailored to the user's use of the website. For this purpose, information on the user's navigation path or length of time spent on the site may be stored.
(6) With respect to information about User preferences collected by the Google Advertising Network, the Google Advertising Network may allow the User to view and modify information resulting from cookies using the following tool: https://www.google.com/ads/preferences/.
(7) The User may independently and at any time change the settings regarding cookies, specifying the conditions for storing them and accessing them via cookies to the User's device. Changing the settings referred to above The User may change the settings referred to in the previous sentence through the settings of his/her Internet browser or through the configuration of the Website. These settings can be changed, in particular, to block the automatic processing of cookies in the settings of your web browser or to inform you each time they are placed on your device. Detailed information about the possibility and methods of handling cookies is available in the settings of your software (web browser) settings.
8 To learn how to manage cookies, including how to disable their use in your browser, you can refer to your browser's help file. Z This information can be found by pressing the F1 key on your browser. In addition, relevant tips can be found on the following pages, depending on which browser you use: Firefox, Chrome, Safari, Internet Explorer / Microsoft Edge.
9) Restricting the use of cookies may affect some of the functions available on the website.
10. the Website also collects external cookies, so-called third-party cookies, which come from external servers.
11. we use:
(a) cookies that reside in the database,
b) cookies that reside in the database,
(c) cookies that reside in the database:
-- a)Google Analytics, provided by Google Inc (1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA)
-- b) Google Ads, provided by Google Ireland Ltd. | Gordon House, Barrow Street, Dublin 4, Ireland for the purpose of optimizing the display of advertisements, remarketing and to promote the Site.

Controller reserves the right to change this Privacy Policy with cookies.