I. Preamble
This document presents the rules for processing and protecting the personal data of visitors to our website under the provisions of the General Data Protection Regulation (GDPR).
This document describes the principles of processing your data as users of the website https://moieandco.com and the services available there.
II. Definitions and useful information
What is GDPR?
GDPR is the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons through the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (from now on “GDPR”). ).
What is personal data, and what does its processing mean?
Personal data is any information about an identified or identifiable natural person (“data subject”).
Personal data processing is any activity performed on personal data, whether automated or not, e.g., collecting, storing, recording, organizing, structuring, modifying, viewing, using, sharing, limiting, deleting, or destroying.
Who is the personal data controller?
The personal data controller is a natural or legal person, public authority, agency, or other entity that, alone or jointly with others, determines the purposes and means of processing personal data. Concerning the information contained in this privacy policy, MI3 Sp. z o. o., based in Warsaw, is the Administrator of your data.
Who is the Data Protection Officer?
The Data Protection Inspector is an independent specialist who, on the one hand, supports the Administrator in fulfilling the obligations arising from the provisions on the protection of personal data and, on the other hand, is the contact point for persons whose personal data the Administrator processes. You have the right to contact the Data Protection Officer regarding your data.
When does this Privacy Policy apply?
This privacy policy applies to all cases in which we control your personal data, both when we process personal data obtained directly from you and when we obtain personal data from other sources.
III. Information about the Personal Data Administrator
The Administrator of the personal data of website users is MI3 Sp. z o. o. based in Warsaw at Rondo Daszyńskiego 2B, 00-843 Warszawa.
You have the right to contact us using the communication channels indicated below:
• By sending us a message to the following e-mail address: office@moieandco.com
• Via traditional correspondence sent to the following address:
MI3 Sp. z o. o.
Rondo Daszyńskiego 2B
00-843 Warszawa, with the note “personal data”.
Data Protection Inspector
The Administrator has appointed a Data Protection Inspector. This function is performed by Mr. Maciej Kłos, with whom you have the right to contact in case of any ambiguity regarding our data processing.
Contact with the Data Protection Officer is possible via one of the communication channels indicated below:
By sending a message to the following e-mail address: iod@moieandco.com
Via traditional correspondence sent to the following address:
MI3 Sp. z o. o.
Rondo Daszyńskiego 2B
00-843 Warszawa, with the note “Data Protection Inspector”.
V. Purposes, legal basis, scope, and period of personal data processing
The scope of data we process depends on the activity on our website. Below, we present the purposes, legal basis, scope, and period of processing of your data:
1. Purpose of collecting personal data
We collect your data for one of the purposes defined below:
• website management and customization,
• enabling you to contact us via the provided forms of communication,
• allowing you to create an account on moieandco.com,
• enabling you to make purchases via moieandco.com,
• allowing you to consent to receive marketing information.
2. Scope, legal basis, and period of data processing:
In the case of website management:
when you visit our website, a connection is established with your web browser. The information collected during this activity is stored temporarily and used to display the website properly.
The legal basis for processing your data for a specific purpose is the Administrator’s legitimate interest—Art. 6 par. 1 letter f) GDPR.
b) When contacting the Administrator:
We have provided contact details on our website that allow you to contact us for a specific or unspecified purpose. Below, we indicate the purposes and scope of processing your data in the case of selected forms of contact:
Telephone contact:
• first name and last name;
• phone number;
• and other data that may be provided during the conversation.
Contact via e-mail:
• first name and last name;
• e-mail address;
• and other data that may constitute the content of the correspondence.
Submitting the return form:
• first name and last name;
• e-mail address;
• data resulting from the placed order;
• signature.
The legal basis for the processing of your data for a specific processing purpose is:
• performance of a contract or actions taken before agreeing to the data subject’s request – Art. 6 par. 1 letter b) GDPR;
• the legitimate interest of the Administrator in handling correspondence and as part of defense against claims or pursuing claims – Art. 6 section 1 letter f) GDPR.
Your personal data will be processed for the period resulting from the limitation period for civil claims, counted from the date of completion of the correspondence or counted from the date of termination of the relationship with the Administrator.
c) if you create an account on moieandco.com:
Through our website, you have the opportunity to create an account on moieandco.com; during this process, the following will be processed:
• first name and last name;
• e-mail address;
The legal basis for the processing of your personal data for a specific processing purpose is:
• performance of a contract or actions taken before agreeing to the request of the data subject – Art. 6 para. 1 letter b) GDPR
• the legitimate interest of the Administrator in defending against claims or pursuing claims – Art. 6 section 1 letter f) GDPR.
Your data will be processed for the period resulting from the limitation period for civil claims, counted from the date of termination of the relationship with the Administrator.
d) if you purchase from moieandco.com:
Through our website, you have the opportunity to purchase products in the moieandco.com online store; during this process, the following will be processed:
• first name and last name;
• e-mail address;
• mailing address and residential address;
• phone number;
• and other data, if provided when placing the order.
The legal basis for the processing of your data for a specific processing purpose is:
• performance of a contract or actions taken before agreeing to the data subject’s request – Art. 6 para. 1 letter b) GDPR,
• the legitimate interest of the Administrator in defending against claims or pursuing claims – Art. 6 section 1 letter f) GDPR,
• the legal obligation imposed on the Administrator concerns the responsibility to keep accounting evidence—Art. 6 section 1 letter c) GDPR.
Your data will be processed for the period resulting from the limitation period for civil claims, counted from the date of termination of the relationship with the Administrator. Personal data processed in connection with the obligation to retain accounting evidence will be processed for the period specified in accounting regulations.
We want to inform you that as part of purchases made in the moieandco.com online store, your personal data will be processed by the electronic payment operator, the Przelewy 24 website, operated by PayPro S.A. You can read the regulations of the Przelewy 24 website at: https://www.przelewy24.pl/regulamin
e) if you order marketing information:
On our website, we have included the option to consent to receiving marketing information delivered via e-mail. Below, we indicate the scope of processing of your data if you consent to receiving marketing information:
• e-mail address
The legal basis for the processing of your data for a specific processing purpose is:
• Your consent to receiving marketing information – Art. 6 para. 1 letter a) GDPR
Your data will be processed until you withdraw your consent or the purpose for which the consent was collected no longer exists. Please be advised that you may withdraw your consent without any negative consequences. We want to remind you that the withdrawal of consent does not affect the lawfulness of the processing carried out based on consent before its withdrawal.
VI. Cookies
Our website uses cookies, i.e., files saved on the device (computer, smartphone, tablet) on which the web browser you visit our website is installed. The administrator uses cookies to improve the website’s functionality, create viewing statistics, determine the user’s location, and remember the selected language version. Each website user can manage cookies via the cookie Preferences Management form. You can also block cookies from your browser. Below, we present information on the possibility of stopping cookies from the browser level:
Google Chrome:
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=pl
Safari:
https://support.apple.com/pl-pl/HT201265
Opera:
https://help.opera.com/pl/latest/web-preferences/
Firefox:
https://support.mozilla.org/pl/kb/usuwanie-ciasteczek-i-dani-stron-firefox?re
Microsoft Edge:
https://support.microsoft.com/pl-pl/microsoft-edge/usuwanie-plików-cookie-w-przeglarce-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
Internet Explorer:
https://support.microsoft.com/pl-pl/topic/jak-usuwa-pliki-cookie-w-programie-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc
VII. The need to provide personal data
Providing personal data is completely voluntary and depends on your decision. However, to make a purchase in the online store or to create an account on the mieandco.com website, providing the data is necessary; otherwise, you will not be able to make a purchase or create an account.
In a situation where your data is processed based on consent in electronic marketing communications, providing personal data is voluntary, and the lack of consent does not result in any negative consequences for you.
VIII. Recipients of your data
1. Your data may be transferred:
a) entities that provide services to the administrator, in which case data transfer occurs based on a concluded contract entrusting the processing of personal data using appropriate technical and organizational measures. Entities to which the administrator may transfer your data in connection with the provision of services include:
• entities that provide hosting services (e.g., server, e-mail),
• entities that provide software used by the administrator (e.g., e-mail software providers),
• entities providing IT support services, (e.g., entities that support the administrator in managing and maintaining IT systems),
• law firm and other entities that support the administrator in legal matters.
b) entities or parties authorized to do so under the law (e.g., they may be transferred to public authorities in connection with a legal obligation obliging the administrator to provide your data).
c) based on your request, your data will be transferred to another administrator in such a situation.
d) entities that provide services to the administrator but, due to legal regulations, are separate administrators of your data may be:
• traditional mail operators (e.g., postal operators or courier companies),
• online payment service operators.
2. Data transfer outside the European Economic Area (EEA)
We do not intend to transfer personal data to so-called third countries (i.e., outside the European Economic Area, including the European Union, Norway, Liechtenstein, and Iceland) when it is not necessary for the proper and lawful provision of services. However, if such a need arises, we can do it by ensuring this data’s appropriate level of protection and applying relevant legal requirements.
IX. Automated decision-making, including profiling
When you visit our website, your personal data may be processed in an automated manner. However, no decision is made that has a significant impact on you, i.e., this type of processing does not have any legal effects on you and does not affect your situation.
X. Source of personal data
The personal data we process with your activity on our website comes directly from you.
XI. Your rights
In connection with the processing of your data, you have the following rights:
the right to withdraw consent to process personal data is under art. 7 GDPR.
• The right to access and obtain a copy of data is under art. 15 GDPR.
• The right to rectify data, Under Art. 16 GDPR.
• The right to delete personal data is under art. 17 GDPR.
• The right to limit the processing of personal data, according to art. 18 GDPR.
• The right to transfer personal data is under Art. 20 GDPR.
• You have the right to object to processing your personal data in connection with your particular situation per Art. 21 GDPR.
• The right not to be subject to decisions based on automated processing, including profiling, under Art. 22 GDPR.
• The right to file a complaint about the Administrator’s actions, under Art. 77 GDPR.
You can send us your request regarding the exercise of your rights at any time by emailing iod@moieandco.com or sending traditional correspondence to the Administrator’s address with the note “Data Protection Inspector.”
You can exercise your right to complain by submitting an appropriate application to the President of the Office for Personal Data Protection; you will obtain all necessary information at www.uodo.gov.pl. Please remember that before you lodge a complaint with the President of the Office for Personal Data Protection, You can submit your objections to the Data Protection Inspector by writing to the email address iod@moieandco.com or using other communication channels indicated in this policy.
XII. Security
We make every effort to protect users against unauthorized access, unauthorized modification, disclosure, and destruction of information in the Administrator’s possession, in particular:
• we control our methods of collecting, storing, and processing information, including physical security measures, to protect data from unauthorized access;
• we cooperate only with entities that guarantee compliance with personal data protection regulations, in particular the provisions of the GDPR,
• we constantly improve the security level of our IT systems so that their security is up to date against all cyber threats and that the use of our services is safe and comfortable for you,
• we grant access to personal data only to those employees, contractors, and representatives who have the necessary knowledge and qualifications to guarantee their security and protection against unauthorized disclosure or modification when processing personal data,
• we constantly monitor the risk associated with the processing of your data, and if we believe that a given process may involve a potential breach of the protection of your data, we take the necessary measures to eliminate such risk,
• all processes related to processing your data are carried out per the principle of transparency, and we guarantee you complete control over all operations in which we process your data.
XIII. Complaints, doubts, and questions
Please email any questions, reservations, or doubts regarding the content of this privacy policy or the way we process your personal data with detailed information regarding the complaint to iod@moieandco.com or via traditional correspondence sent to the Administrator’s address.
Any complaints received will be considered and responded to within 30 days. In any situation, you can also contact the Administrator directly. Below are our contact details:
Administrator
Email address: office@moieandco.com
Traditional correspondence:
MI3 Sp. z o. o.
Rondo Daszyńskiego 2B
00-843 Warszawa, with the note “personal data”.
Data Protection Inspector
Email address: iod@moieandco.com
Traditional correspondence:
MI3 Sp. z o. o.
Rondo Daszyńskiego 2B
00-843 Warszawa, with the note “Data Protection Inspector”.
XIV. Final Provisions
This Privacy Policy is subject to change. Any changes will be published on the website: https://moieandco.com/, and in certain cases, information about changes will be sent directly to the user.
