Privacy Policy

  1. Relax Lures sp. z o.o. with its registered office and correspondence address: ul. gen. Władysława Sikorskiego 39, 58-260 Bielawa, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, IX Commercial Division of the National Court Register, under KRS number: 0000898575, Tax ID (NIP): 8822137539, National Business Registry Number (REGON): 388905683, e-mail: sales@relaxlures.com, telephone no. +48 74 833 54 06, hereinafter referred to as the Controller, is the Personal Data Controller of the users of the Online Store operating at: shoprelaxlures.com, hereinafter referred to as the Online Store.
  2. The Controller has introduced appropriate securities and technical and organisational measures, including the Personal Data Protection Policy and procedures, and has trained its employees who process Your personal data in the scope of their duties, in order to ensure the appriopriate level of personal data protection with respect to the mandatory rules of law, including especially the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, the Polish Personal Data Protection Act of 10th of May 2018, hereinafter referred to as the Act, and the other relevant personal data protection laws.
  3. The Controller appointed the Data Protection Officer, who is attorney-at-law Martyniusz Rak, e-mail: iod@relaxlures.com.
  4. The following personal data is collected on the Online Store:
    1. name and surname, e-mail address, telephone number - may be processed when, as users of our Online Store (including clients or potential clients), You provide them via e-mail, registration form, order form, contact form, traditional mail or telephone contact in order to:
      • enabling You to take advantage of the offer of the Online Store by placing an order via the order form, including placing such an order without the need to register (creating an Account) in the Online Store,
      • for voluntary registration, i.e. setting up an Account in the Online Store by You - in such a situation, the data provided by You are stored to facilitate Your use of the Online Store in the future until deregistration (deletion of the Account),
      • sending confirmation of placing an order,
      • enabling contact with You in the event of such a need in connection with the execution of the order and the shipment of the products ordered by You,
      • answering questions related to the offer of the Online Store,
      • in the event of Your consent - in order to provide the newsletter service (subscription) via an e-mail address, through which You will be informed about interesting events and commercial offers related to the Online Store, where consent to such a subscription is voluntary and You can unsubscribe it at any time,
    2. Tax ID (NIP), address of residence/registered office - these data are collected from entrepreneurs and natural persons who request an invoice and have a Tax ID (NIP), in order to issue an invoice, while in the case of natural persons who are consumers, the address of residence is sufficient,
    3. mailing address (if different from the address of residence/registered office) - its indication is necessary in the case of making purchases in the Online Store in order to properly address and execute the shipment containing the products ordered by You,
    4. IP address of a device or Internet browser identifier - the general information relating to the usage of Internet-based connections, such as IP addresses and other information contained in the system logons, which are used for technical and statistical reasons, especially collecting general demographic data (e.g. about the region, from which a connection is received),
  5. Our Online Store utilises the cookies technology to match its functionality to Your individual needs. Therefore, You can agree that the data and information You enter will be remembered, so that You can use them the next time when You visit our Online Store without having to re-enter them. The owners of other Online Stores will not have access to this data and information. If, however, You do not agree to personalisation of the Online Store, You may disable the cookies in Your Internet browsers.
  6. The source of the personal data processed by the Controller is You, i.e. the data subjects.
  7. The legal basis for processing of Your personal data is:
    1. art. 6.1.b of the GDPR, i.e. processing is necessary to perform the sales or service contract to which You are a party or in order to take steps at Your request prior to entering into such a contract with the Controller, or
    2. art. 6.1.c of the GDPR, i.e. processing is necessary for compliance with a legal obligation to which the Controller is subject, including in particular provisions on accounting, tax and archival issues, or
    3. art. 6.1.f of the GDPR, i.e. the legitimate interests pursued by the Controller, what is the establishment, exercise or defence of legal claims, until they lapse or until the relevant proceedings are completed, if they were initiated during this period, which applies in particular to Your possible claims related to the order or to the economic activity of the Controller, or
    4. - when the above legal basics for data processing are not applicable -
    5. art. 6.1.a of the GDPR, i.e. Your consent to the processing of personal data for specific purposes, including in particular to receive the newsletter from the Controller.
  8. Providing personal data is voluntary and each user of the Online Store decides, whether and to what extent, intend to use the Controller's offer and services or transfer Your personal data, taking into account the principles resulting from the content of this Privacy Policy. Nevertheless, providing personal data is necessary to achieve the purposes referred to in point 4, as well as is a condition for the conclusion and implementation of the sales or service contract and its implementation, and therefore failure to provide them results in the inability to conclude such a contract.
  9. Pursuant to the principle of data minimisation referred to in art. 5.1.c of the GDPR, the Controller processes only the categories of personal data that are necessary to achieve the purposes referred to in point 4.
  10. The Controller does not share any of Your personal data to third parties without Your express consent. Your data may be shared without Your express consent only to entities with appropriate authorization in applicable law, i.e. administration, tax, law enforcement authorities and other authorized entities.
  11. Your personal data may be entrusted for processing by the Controller:
    1. IT companies providing hosting services, servicing internet domains and providing of IT systems used by the Controller,
    2. companies providing postal, courier and transport services to the Administrator - in order to deliver correspondence and parcels with ordered products,
    3. companies providing the Controller with other services, which are necessary for the current activity of the Controller,
    4. hereinafter jointly referred to as Processors. In such a situations, the Controller concludes with the Processors contracts for entrusting the processing of personal data, and the Processors process the entrusted personal data, but only for the needs, to the extent and for the purposes indicated in the entrustment agreements.
  12. In connection with the presence of buttons and connectors on the Online Store of the Controller's accounts in social media, in the field of data, in particular, IP or Internet browser identifier, if the Controller uses the products of:
    1. Meta Platforms (Facebook, Instagram) - the above data is processed on the basis of joint administration with Meta Platforms Ireland Ltd. with its registered office at: 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland,
    2. Google (YouTube) - the above data is processed on the basis of joint administration with Google Ireland Ltd. with its registered office at: 4 Barrow St, D04 E5W5, Dublin, Ireland (Google Building Gordon House),
    3. TikTok - the above data is processed on the basis of joint administration with TikTok Technology Ltd. with its registered office at: 10 Earlsfort Terrace, Dublin, D02 T380, Ireland,
    4. Twitter - the above data is processed on the basis of joint administration with Twitter Inc. with its registered office at: 355 Market Street, Suite 900, San Francisco, CA 94103, California, United States.
    5. If, in the cases referred to in this point, the transfer of personal data to third countries takes place, it is done on the terms set out in point 13.
  13. Your personal data are not transferred to third countries or international organizations within the meaning of the provisions of the GDPR. If such a transfer takes place, You will be informed in advance and the Controller will apply the safeguards referred to in Chapter V of the GDPR.
  14. The Controller processes personal data for the period necessary to achieve purposes specified in the point 4. Personal data may be processed for a longer period than indicated in the preceding sentence, if such an obligation imposed on the Controller results from specific legal provisions (e.g. in the scope of keeping accounting and tax documentation) or from the legitimate interest of the Controller referred to in point 7 letter c (e.g. for the period of limitation of claims or completion of relevant proceedings, if during the limitation period they were initiated), and also when the service provided by the Controller has continuous nature (e.g. subscribing to the newsletter).
  15. As data subjects, You have the right to:
    1. be informed of the processing of personal data in accordance with art. 12 of the GDPR,
    2. have access to personal data in accordance with art. 15 of the GDPR,
    3. correct, supplement, update and rectification personal data in accordance with art. 16 of the GDPR,
    4. erasure the data (right to be forgotten) in accordance with art. 17 of the GDPR,
    5. restriction of processing in accordance with art. 18 of the GDPR,
    6. data portability in accordance with art. 20 of the GDPR,
    7. object to the processing of personal data in accordance with art. 21 of the GDPR,
    8. not to be subject to automated individual decision-making, including profiling, in accordance with art. 22 relating to art. 4.4 of the GDPR,
    9. taking into account the rules of using and exercising these rights resulting from the provisions of the GDPR.
  16. In the case of the legal basis referred to in point 7 letter d, You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  17. In addition to the rights referred to in the two preceding points, You have the right to lodge a complaint with the supervisory authority (i.e. in Poland to the Prezes Urzędu Ochrony Danych Osobowych, address: ul. Stawki 2, 00-193 Warszawa, e-mail: kancelaria@uodo.gov.pl, tel. +48 606 950 000) referred to in art. 77 of the GDPR, if You are convinced that the processing of personal data by the Controller violates the provisions of the GDPR.
  18. Your personal data will not be subject to automated individual decision-making, including profiling, by the Controller within the meaning of the provisions of the GDPR.
  19. Any questions, requests or complaints relating to personal data processing by the Controller and with the implementation of the rights referred to in points 15-16, hereinafter referred to as the Applications, should be sent to the following e-mail of the Data Protection Officer: iod@relaxlures.com, or in writing to the address for correspondence of the Controller: ul. gen. Władysława Sikorskiego 39, 58-260 Bielawa.
    The Application should clearly contain: the data of the person or persons to whom the Application relates, the reason of the Application, and - if it is possible - the content of the request, its legal basis and the expected way of solving the issue.
  20. Each identified breach of security is documented, and in the event of cases specified in the provisions of the GDPR or the Act, such a breach of the provisions on the protection of personal data are informed - if applicable - to the data subjects (i.e. You) or the supervisory authority (i.e. in Poland to the Prezes Urzędu Ochrony Danych Osobowych).
  21. All capitalized words have the meaning given to them in the Regulations of the Online Store, unless otherwise stated in this Privacy Policy.
  22. The provisions of this Privacy Policy apply, as far as possible, to all persons with whom the Controller is in legal relations and for whom it is also Personal Data Controller, including in particular to clients, contractors, newsletter subscribers and participants of contests and partner programs organized by the Controller.
  23. All matters not regulated by this Privacy Policy shall be regulated by the relevant mandatory rules of law. If the provisions of this Privacy Policy not comply with the abovementioned rules of law, the above rules of law shall prevail.