Privacy Policy
1. Data Administrator and Definitions
- The administrator of the personal data of Customers / Users of the Online Store, also referred to as the Seller, is:
- LÀBAS Zuzanna Krasnodębska
tel. 517 770 464,
hello@labaseyewear.com,
NIP 5272480198,
REGON 365804218 - The Data Administrator can be contacted:
- at the correspondence address: ul. Marszałkowska 115/338, 00-102 Warsaw;
- at the email address: hello@labaseyewear.com.
- User - a natural person visiting the website(s) of the Online Store or using the services or functionalities described in this Privacy and Cookies Policy.
- Customer - a natural person with full legal capacity, a natural person who is a Consumer, a legal person, or an organizational unit without legal personality, granted legal capacity by law, who enters into a Distance Sales Agreement with the Seller.
- Online Store - an online service operated by the Seller, available at the electronic addresses (websites): https://labaseyewear.com. through which the Customer/User can obtain information about the Goods and their availability and purchase Goods or order services.
- Newsletter - information, including commercial information within the meaning of the Act of July 18, 2002, on the provision of services by electronic means (Journal of Laws of 2020, item 344) from the Seller sent to the Customer/User electronically; receiving it is voluntary and requires the consent of the Customer/User.
- Account - a collection of data stored in the Online Store and in the Seller's teleinformatics system concerning a given Customer/User and the orders placed and contracts concluded by them, which allows the Customer/User to place orders and enter into contracts.
- GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
2. Purposes, Legal Bases, and Duration of Data Processing
- To implement the Distance Sales Agreement, the Seller processes:
- information regarding the User's device to ensure the correct operation of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, activity data on the Site, including on individual subpages;
- geolocation information, if the User has consented to the service provider's access to geolocation. The geolocation information is used to provide more tailored product and service offers;
- personal data of Users: first name, last name, registered address, correspondence address, email address, phone number, NIP, bank account number, or other personal data that are necessary to complete the purchase and that the Administrator requires during the purchasing process.
- This information does not contain data regarding the identity of Users, but when combined with other information, it may constitute personal data and, consequently, the Administrator provides it with full protection under GDPR.
- This data is processed in accordance with Article 6(1)(b) of the GDPR, for the purpose of providing the service, i.e., the contract for the provision of services by electronic means in accordance with the Terms and Conditions, and in accordance with Article 6(1)(a) of the GDPR, in connection with the consent to the use of specific cookies or other similar technologies, expressed through appropriate web browser settings in accordance with the Telecommunications Law or in connection with consent to geolocation. The data is processed until the Customer/User has finished using the Online Store.
- The Administrator is obliged to take all measures required under Article 32 of the GDPR, i.e., taking into account the state of technical knowledge, the cost of implementation, and the nature, scope, and purposes of processing and the risk of infringement of the rights or freedoms of natural persons of varying likelihood and severity, the Administrator implements appropriate technical and organizational measures to ensure a level of security corresponding to that risk.
3. Marketing Activities of the Administrator
- On the Online Store's website, the Data Administrator may post marketing information about their products or services. The display of this content is carried out by the Data Administrator in accordance with Article 6(1)(f) of the GDPR, i.e., in accordance with the legitimate interest of the Data Administrator, which consists of publishing content related to the services provided and promotional content of campaigns in which the Data Administrator is involved. At the same time, this action does not violate the rights and freedoms of Customers/Users; Customers/Users expect to receive content of a similar nature, and they even anticipate it or it is their direct purpose for visiting the website(s) of the Online Store.
4. Recipients of User Data
- The Data Administrator discloses Users' personal data only to entities processing them based on concluded data processing agreements for the purpose of providing services to the Data Administrator, e.g., hosting and website maintenance, IT services, marketing, and PR services.
5. Transfer of Personal Data to Third Countries
- Personal data will not be processed in third countries.
6. Rights of Data Subjects
- Everyone whose data is processed has the right to:
- access (Article 15 GDPR) - to obtain from the Data Administrator confirmation of whether their personal data is being processed. If data about the person is being processed, they have the right to access it and obtain the following information: the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data has been or will be disclosed, the period of data retention or the criteria for determining it, the right to request rectification, erasure, or restriction of the processing of personal data concerning the data subject, and to lodge an objection to such processing;
- receive a copy of the data (Article 15(3) GDPR) - to obtain a copy of the data being processed, with the first copy being free of charge, while for additional copies, the Data Administrator may charge a reasonable fee, reflecting administrative costs;
- rectification (Article 16 GDPR) - to request the rectification of their personal data that is inaccurate or to complete incomplete data;
- erasure of data (Article 17 GDPR) - to request the deletion of their personal data if the Data Administrator no longer has a legal basis for processing it or if the data is no longer necessary for processing purposes;
- restriction of processing (Article 18 GDPR) - to request the restriction of the processing of personal data when:
- the data subject contests the accuracy of the personal data – for a period enabling the Data Administrator to verify the accuracy of the data,
- the processing is unlawful and the data subject opposes the erasure of the data, requesting the restriction of its use,
- the Data Administrator no longer needs the data, but it is necessary for the data subject to establish, exercise, or defend claims,
- the data subject has objected to processing – until it is determined whether the legitimate grounds on the part of the administrator override the grounds for the objection of the data subject;
- data portability (Article 20 GDPR) - to receive their personal data concerning them, which they provided to the Data Administrator, in a structured, commonly used, machine-readable format, and to request the transfer of that data to another Administrator, if the data is processed based on the consent of the data subject or a contract with them, and if the data is processed in an automated manner;
- objection (Article 21 GDPR) - to object to the processing of their personal data for legitimate interests of the administrator, on grounds relating to their particular situation, including against profiling. In this case, the Data Administrator assesses whether there are important legitimate grounds for processing that override the interests, rights, and freedoms of the data subjects, or grounds for establishing, exercising, or defending claims. If, according to the assessment, the interests of the data subject outweigh the interests of the administrator, the Data Administrator will be obliged to cease processing the data for those purposes;
- to withdraw consent at any time and without giving a reason, but the processing of personal data carried out prior to the withdrawal of consent shall remain lawful. Withdrawal of consent will result in the cessation of the processing of personal data by the Data Administrator for the purpose for which that consent was given.
- To exercise the rights mentioned above, the data subject should contact the Data Administrator using the provided contact details and inform them of which right they wish to exercise and to what extent.
7. President of the Personal Data Protection Office
- The data subject has the right to lodge a complaint with a supervisory authority, which in Poland is the President of the Personal Data Protection Office based in Warsaw, ul. Stawki 2, which can be contacted in the following ways:
- by mail: ul. Stawki 2, 00-193 Warsaw;
- via the electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt;
- Helpline: 606-950-0000.
8. Data Protection Officer
- In any case, the data subject may also contact the Data Administrator's data protection officer directly via email or in writing at the address of the Data Administrator, provided in Section 1 point 2 of this Privacy and Cookies Policy.
9. Changes to the Privacy Policy
- The privacy policy and cookies may be supplemented or updated according to the current needs of the Administrator to provide current and reliable information to Clients/Users.
10. Cookies
- The online store performs the functions of acquiring information about Clients, Users, and their behavior in the following ways:
- by voluntarily entering information in the forms for purposes resulting from the functions of a specific form;
- by saving cookies (so-called "cookies") on end devices;
- by collecting server logs by the hosting operator of the online store (necessary for the proper functioning of the service).
- Cookies are IT data, in particular text files, which are stored on the end device of the Client/User and are intended for use on the online store's website. Cookies usually contain the name of the website from which they originate, the time they are stored on the end device, and a unique number.
- The online store uses cookies only after the Client/User has given prior consent in this regard. Consent to the online store's use of all cookies occurs by clicking the button: "Close" when the message about the use of cookies by the online store is displayed or by closing this message.
- If the Client/User of the online store does not consent to the online store's use of cookies, they can use the option: "I do not consent," available also in the message about the use of cookies by the online store, or make changes in the settings of the web browser they are currently using (this may, however, cause incorrect functioning of the online store's website).
- To manage cookie settings, you should select from the list the web browser/system and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
- The legal basis for processing personal data obtained from cookies is the legitimate interests of the Data Administrator, consisting of ensuring high-quality services and ensuring the security of services.
- Within the online store, two basic types of cookies are used: "session" cookies and "persistent" cookies. Session cookies are temporary files that are stored on the User's end device until they log out, leave the online store, or turn off the software (web browser). Persistent cookies are stored on the Client/User's end device for the time specified in the parameters of the cookies or until they are deleted by the Client/User.
Functional Cookies (Necessary)
labaseyewear.com
monit_token: 365 days, cookie
Identifies the store's client.
shop_monit_token: 30 minutes, cookie
Identifies the store's client.
client: 1 day, cookie
Identifies the logged-in client / cart of the unlogged client.
affiliate: 90 days, cookie
Stores information about the affiliate identifier from which the entry to the store occurred.
ordersDocuments: cookie
Stores information about the status of document printing.
__idsui: 1095 days, cookie
File necessary for the functioning of the so-called lightweight login on the site.
__idsual: 1095 days, cookie
File necessary for the functioning of the so-called lightweight login on the site.
__IAI_SRC: 90 days, cookie
Stores only the source from which the entry to the site occurred.
login: cookie
Stores information about whether the user has logged in on the site.
CPA: 28 days, cookie
Contains information about variables for CPA/CPS programs in which the site participates.
__IAIRSABTVARIANT__: 30 days, cookie
Variant identifier for A/B testing and IdoSell RS engine configuration.
basket_id: 365 days, cookie
User's basket identifier on the site, assigned for the duration of the current session.
page_counter: 1 day, cookie
Counter of visited pages.
LANGID: 180 days, cookie
Stores information about the language selected by the site user.
REGID: 180 days, cookie
Stores information about the region of the site user.
CURRID: 180 days, cookie
Stores information about the currency selected by the site user.
__IAIABT__: 30 days, cookie
Stores the identifier of A/B tests for the purpose of testing and improving the functionality of the store.
__IAIABTSHOP__: 30 days, cookie
Stores the identifier of the store participating in the A/B test.
__IAIABTVARIANT__: 30 days, cookie
Stores the identifier of the variant drawn in the ongoing A/B test.
toplayerwidgetcounter[]: cookie
Stores the number of pop-up message displays.
samedayZipcode: 90 days, cookie
Stores information about the postal code of the site user, which is necessary to offer courier delivery in the SameDay service.
applePayAvailability: 30 days, cookie
Stores information about whether the payment method ApplePay is available for the user.
paypalMerchant: 1 day, cookie
PayPal account identifier.
toplayerNextShowTime_: cookie
Stores information about when the next pop-up message display is to occur.
rabateCode_clicked: 1 day, cookie
Stores information about the closing of the banner informing about the active discount.
freeeshipping_clicked: 1 day, cookie
Stores information about the closing of the banner informing about free shipping.
redirection: cookie
Stores information about the closing of the pop-up message informing about the suggested language for the store.
filterHidden: 365 days, cookie
After clicking the option to collapse the filter for goods, it saves information about which filter should be collapsed after refreshing the list of goods.
toplayerwidgetcounterclosedX_: cookie
Stores information about the closing of the pop-up message.
cpa_currency: 60 minutes, cookie
Contains information about the currency for CPA/CPS programs in which the site participates.
basket_products_count: cookie
Stores information about the number of products in the basket.
wishes_products_count: cookie
Stores information about the number of products on the wishlist.
IAI S.A.
iai_accounts_toplayer: 30 days, cookie
Ensures correct display of the pop-up message informing about the IdoAccounts login service (https://www.idosell.com/pl/tysiace-gotowych-do-uzycia-funkcji/logowanie-do-sklepu-z-konta-w-innym-serwisie/).
IdoSell
platform_id: cookie
Stores information about whether the page is displayed in the mobile application.
paypalAvailability_: 1 day, cookie
Stores information about whether the payment method PayPal is available for the user.
ck_cook: 3 days, cookie
Stores information about whether the site user has consented to cookies.
IdoAccounts
accounts_terms: 365 days, cookie
Stores information about whether the user has accepted consent to use the IdoAccounts service.
express_checkout_login: 365 days, cookie
CookieNameExpressCheckoutLogin
NID: 180 days, cookie
These cookies (NID, ENID) are used to remember user preferences and other information, such as preferred language, number of results displayed on the search results page (for example, 10 or 20), and whether the user wants the Google SafeSearch filter turned on. This file is also necessary to offer the Google Pay payment service.
Google reCAPTCHA
_GRECAPTCHA: 1095 days, cookie
This cookie is set by Google reCAPTCHA, which protects our site from spam queries in contact forms.
PayPal
ts: cookie
This cookie is typically provided by PayPal and supports payment services on the site.
ts_c: 1095 days, cookie
This cookie is typically provided by PayPal and is used to prevent fraud.
x-pp-s: cookie
This cookie is typically provided by PayPal and supports payment services on the site.
enforce_policy: 365 days, cookie
This cookie is typically provided by PayPal and supports payment services on the site.
tsrce: 3 days, cookie
This cookie is typically provided by PayPal and supports payment services on the site.
l7_az: 60 minutes, cookie
This cookie is essential for the PayPal login function on the website.
LANG: 1 day, cookie
This cookie is typically provided by PayPal and supports payment services on the site.
nsid: cookie
Used in the context of transactions on the Website. The cookie is required for secure transactions.
Analytical cookies
IAI S.A.
__IAI_AC2: 45 days, cookie
Conversion tracking identifier (Activity Tracking) for collecting the history of sources preceding the order, as well as the source through which the order was placed according to the last click attribution model.
Google Maps
SID: 3650 days, cookie
Contains digitally signed and encrypted records of the user's Google account identifier and last login time. The combination of these cookies (SID, HSID) allows Google to block various types of attacks, such as attempts to steal content from forms submitted in Google services.
Advertising cookies
labaseyewear.pl
RSSID: 180 days, cookie
IdoSell RS user identifier, used for displaying personalized product recommendations on the site.
__IAIRSUSER__: 60 minutes, cookie
IdoSell RS user identifier, used for displaying personalized product recommendations on the site.
- Cookies are used for the following purposes:
- creating statistics that help understand how Customers/Users of the Online Store use the websites, which enables improvement of their structure and content;
- maintaining the session of the Customer/User (after logging in), so that the Customer/User does not have to re-enter their login and password on each subpage of the Online Store;
- defining the profile of the Customer/User to display product recommendations and tailored materials in advertising networks, particularly the Google network.
- Web browsing software (web browser) typically allows the storage of cookies on the Client/User's end device by default. Customers/Users can change the settings in this regard. The web browser allows the deletion of cookies. It is also possible to automatically block cookies.
- Restrictions on the use of cookies may affect some functionalities available on the websites of the Online Store.
- Cookies placed on the end device of the Customer/User and used may also be used by advertisers and partners cooperating with the Online Store.
- Cookies can be used by the Google network to display ads tailored to how the Customer/User uses the Online Store. For this purpose, they may retain information about the user's navigation path or the time spent on a given page: https://policies.google.com/technologies/partner-sites.
- We recommend that the Customer/User read the privacy policies of these companies to understand the rules for using cookies used in statistics: Google Analytics Privacy Policy.
- Regarding information about the preferences of the Customer/User collected by the Google advertising network, the Customer/User can view and edit information from cookies using the tool: https://www.google.com/ads/preferences/.
- The Online Store has plugins that may transfer Customer/User data to Administrators such as: Google Maps, PayPal, Google reCAPTCHA, IdoAccounts, IdoSell, IAI S.A., Google.
- To properly execute the Distance Selling Agreement, the data Administrator may provide Customer/User data to courier companies. Currently available delivery methods in the Online Store are available at: https://labaseyewear.pl/pl/delivery.html.
- To properly execute the Distance Selling Agreement, the Administrator may provide Customer/User data to online payment systems. Currently available prepayment methods in the Online Store are available at: https://labaseyewear.pl/pl/payments.html.
11. Newsletter
- The Client may consent to receive commercial information electronically by checking the appropriate option in the registration form or later in the appropriate tab. If such consent is given, the Client/User will receive information (Newsletter) from the Online Store at the email address provided by them, as well as other commercial information sent by the Seller.
- The Client can unsubscribe from receiving the Newsletter at any time by unchecking the relevant box on their Account page or by going to the form https://labaseyewear.pl/pl/newsletter.html, clicking the appropriate link found in the content of each Newsletter, or through Customer Service.
12. Account
- The Client/User may not place or provide any unlawful content, including opinions and other data, in the Online Store.
- The Client/User gains access to their Account after registering.
- As part of the registration process, the Client/User provides account type or gender, first name, last name, company name, VAT ID, data for issuing a sales document, shipping information, email address, and chooses a password. The Client/User ensures that the data provided by them in the registration form is true. Registration requires careful reading of the Terms and Conditions and marking on the registration form that the Client/User has read the Terms and Conditions and fully accepts all of its provisions.
- At the moment the Client/User is granted access to the Account, an indefinite electronic service agreement regarding the Account is concluded between the Seller and the Client. The Consumer may withdraw from this agreement under the terms specified in the Terms and Conditions.
- Registering an Account on one of the pages of the Online Store simultaneously means registration enabling access to the other pages where the Online Store is available.
- The Client/User may terminate the electronic service agreement at any time with immediate effect by informing the Seller via email or in writing to the data Administrator at the address provided in Section 1, point 2 of this Privacy and Cookies Policy.
- The Seller has the right to terminate the service agreement regarding the Account in the event of ceasing to provide or transferring the Online Store service to a third party, violation of the law or the provisions of the Terms and Conditions by the Client/User, as well as in the case of inactivity of the Client/User for a period of 6 months. Termination of the agreement occurs with a seven-day notice period. The Seller may stipulate that re-registration of the Account will require the Seller's consent.