Privacy and cookies policy

This Privacy and Cookies Policy (hereinafter referred to as the “Privacy Policy”) defines the rules of processing and protection of personal data collected by the Controller in the framework of the use by users (hereinafter referred to as the “Users”) of the Innwell.pl online shop and related services (hereinafter referred to as the “Service”) as well as the use of cookies in connection with the Service.

  1. PERSONAL DATA CONTROLLER

The controller of personal data is Innwell spółka z ograniczoną odpowiedzialnością with its registered office in Poznan (60-451), ul. Jana Henryka Dąbrowskiego 506/113, entered in the National Court Register under the KRS number 0000626697, holding NIP: 7811930340, with the share capital of PLN 100.000,00. The Controller may be contacted in writing to the address of the registered office indicated in the preceding sentence as well as by e-mail to the address biuro@innwell.pl.

  1. PURPOSE AMD LEGAL BASIS OF DATA PROCESSING

Personal data are processed by the Controller in compliance with the legal regulations, including in particular the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council  of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) for the purpose of:

  1. establishing commercial relations, including providing answers to questions asked in connection with contacting persons (pursuant to Article 6(1)(f) of the GDPR);
  2. performance of the agreement for the provision of services concluded under the terms and conditions defined in the Regulations of innwell.pl (pursuant to Article 6(1)(b) of the GDPR);
  3. fulfilling legal obligations incumbent on the Controller resulting from accounting and tax regulations (pursuant to Article 6(1)(c) of the GDPR);
  4. fulfilling the Controller’s legitimate interest in pursuing or securing claims (pursuant to Article 6(1)(f) of the GDPR);
  5. fulfilling the Controller’s legitimate interest in the scope of marketing own goods or services (pursuant to Article 6(1)(f) of the GDPR);
  6. analysis of network traffic, ensuring the security within the use of the Service and adjusting the content to the needs of Users on the basis of the legally justified interest of the Controller (pursuant to Article 6(1)(f) of the GDPR).
  1. RULES OF PERSONAL DATA PROCESSING
    1. The Controller shall process personal data only to the minimum extent necessary to achieve the purposes for which they are collected. The purposes and grounds for collecting personal data are clearly defined in this Privacy Policy. The controller shall not process personal data in the manner other than compliant with these purposes.
    2. Providing data on the website of the Service is voluntary, however, the consequence of the failure to provide them may be the User’s inability to use the service, including concluding an agreement concerning the provision of services under the terms and conditions specified in the Regulations of the innwell.pl online shop.
    3. The controller shall not process personal data in the manner which would involve taking only automated decisions concerning the data subject.
    4. If the User enters third party data in the Service for the purposes of communication, recommendation, use of the Controller’s services, the User should be authorised to enter such third party data in the Service, for example, it should hold the relevant consent of the third party and fulfil the secondary information obligation on behalf of the Controller in relation to personal data obtained in a manner other than from the data subject (in accordance with Article 14 of the GDPR).
  1. RIGHTS OF DATA SUBJECTS
    1. In accordance with the legal regulations, a data subject shall have the right to:
      1. access to the content of their data;
      2. rectification of personal data;
      3. restriction of personal data processing;
      4. erasure of personal data;
      5. data portability;
      6. withdrawal of the consent in the case the Controller processes personal data based on the User’s consent, at any time and in any manner, without affecting the compliance with the lawfulness of the processing which was performed on the basis of the consent before its withdrawal;
    2. The rights referred to in the preceding sentence may be exercised by sending an appropriate request to the Controller’s e-mail address (indicated in subparagraph 1), including the name and surname and electronic mail (e-mail) address of the person exercising such rights.
    3. The data subject has the right to lodge a complaint with the President of the Office for Personal Data Protection if it recognises that the processing of personal data by the Controller violates the provisions of the applicable law.
  1. PERSONAL DATA RECIPIENTS
    1. Personal data may be transferred to trusted recipients, with whom the Controller continues its cooperation, such as: an entity providing accounting services, partners providing technical services (development and maintenance of IT systems and websites), marketing agencies, debt collection companies. The transfer and processing of personal data is carried out in accordance with our instructions, rules of privacy policy and any other applicable confidentiality and security measures.
    2. Personal data may be transferred to entities authorised to receive them pursuant to the applicable law, including competent State authorities, in particular the judicial authorities.
    3. Personal data may be transferred to the entities indicated in subparagraph 7(7) (including, to a third country). Notwithstanding the foregoing, personal data may be transferred to a third country or an international organisation unless it is contrary to the applicable law. Data transfer to other recipients in third countries (outside the European Economic Area) may take place pursuant to the decision on the adequate level of protection taken by the European Commission or on the basis of standard contractual clauses, in accordance with the decision of the European Commission or on the basis of the explicit consent of the data subject.

 

  1. PERIOD OF DATA STORAGE
    1. The Controller shall limit the storage of personal data in accordance with the provisions of law only to the period necessary to achieve the purposes for which they are collected, unless there are reasonable grounds for extending the data storage period.
    2. Personal data processed for the purpose of marketing of own products or services on the basis of a legitimate legal interest will be processed until the data subject raises its objection.
  2. COOKIES
    1. The Controller uses cookies or similar technologies (hereinafter referred to collectively as: “Cookies“), which should be understood as IT data, in particular text files, intended for the use of websites in the innwell.pl domain and stored in terminal devices of users browsing websites in the innwell.pl domain.
    2. Collecting the data with the use of cookies allows to adjust services and content to individual needs and preferences of the Users, i.e. people browsing websites in the Service as well as to develop general statistics related to the use of the Service.
    3. The information collected relates to the IP address, type of browser used, language, type of operating system, ISP, time and date information, location and information sent to the website through the contact form.
    4. The data collected by means of cookies is collected solely for the purpose of performing certain functions for the benefit of the Users and are encrypted in a manner preventing access by unauthorised persons.
    5. As a rule, the Controller uses two types of cookies due to the time for which the cookie is used – “session” and “permanent”:
      1. session cookies are temporary files that remain in the User’s device until it is logged out, leaves the website or turns off the software (web browser);
      2. permanent cookies are files that remain in the User’s device for the time specified in the parameters of cookie files or until they are manually deleted by the User.
    6. In principle, the Controller shall use the following cookies due to the necessity to provide services:
      1. indispensable” cookies, which enable the use of services available within the Service, e.g. authentication cookies used for services requiring authentication within the Service;
      2. performance” cookies enabling collection of information on the method of using the Service websites;
      3. functional” cookies, which enable “remembering” the settings selected by the User and personalising the User’s interface, e.g. in terms of the selected language or region from which the User originates, font size, appearance of the website, etc;
      4. advertising” cookies, which enable to provide Users with advertising content more adjusted to their interests.
    7. The Controller uses cookies of external suppliers:
      1. Google Analytics – the files used by Google to analyse the use of the website by the User. Detailed information concerning the scope and rules, including exclusions, of data collection in connection with this service can be found at: https://support.google.com/analytics/answer/6004245?hl=pl;
      2. Facebook – used by Facebook to provide advertising services.
      3. Google Ads Remarketing – files used by Google to address Users with targeted advertising on the websites of Google partners. Detailed information concerning the scope and rules, including exclusions, of data collection in connection with this service can be found at: https://www.google.plpolicies/privacy/;
      4. Google Tag Manager – a Google company tool used to manage the tags of a website. Within this service, no cookies are used and no personal data are collected.
    1.  
  2. In many cases, the web browsing software (web browser) allows cookies to be stored in the User’s terminal device by default. Service Users can change their cookie settings at any time. These settings can be changed in particular in such a way as to block automatic handling of cookies in the settings of the web browser or inform about their placement in the Service User’s device on a case by case basis. Detailed information concerning the possibilities and methods of handling cookies is available in the software settings (the browser).
  3. The Controller informs that restrictions related to the use of cookies may affect some functionalities available on the Service websites.
  4. Cookies placed in the terminal device of the Service User and may also be used by advertisers and partners cooperating with the Service operator.