Privacy and cookies policy

of the online store lynve.com

I. Definitions

For the purposes of this document, the following definitions apply:

Personal Data Controller/Controller – PLANET A SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Gdańsk, ul. Jana Heweliusza 11 lok. 811, 80890 Gdańsk, entered into the Register of Entrepreneurs of the National Court Register, maintained by the District Court of Gdańsk – Północ in Gdańsk, 7th Commercial Division of the National Court Register, under the KRS number: 0001091805, with NIP 5833502952, REGON 527962805, and share capital of: PLN 5,000.00;

Personal Data – information concerning a natural person that identifies them or makes it possible to identify them, meaning that based on this information, the identity of a natural person to whom the data pertains can be determined, directly or indirectly;

Processing – an action or a set of actions performed on Personal data or on sets of Personal data, either in an automated or non-automated way, such as, among others, collection, recording, organization, structuring, storage, retrieval, consultation, or deletion; Privacy and Cookies Policy/Privacy Policy – this document outlines the rules for processing personal data through the Store, based on and in compliance with the GDPR;

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation);

Online Store/Store – the website operated by the Controller under the domain lynve.com;

User – the User or Customer as defined in the Regulations, whose Personal Data is Processed within the Store and under agreements concluded through it.

II. General information

  1. The Privacy Policy has been prepared based on and in compliance with all GDPR requirements. In particular, it includes all essential information that the Controller is obligated to provide to the individual whose Personal Data is being Processed and from whom such Data was collected – pursuant to Article 13 of the GDPR, i.e. information necessary to ensure the fairness and transparency of Personal Data by Controller.
  2. The capitalized terms that are not defined in this Privacy Policy have been defined in the Store’s Regulations available on the Store’s website.
  3. The Privacy Policy describes matters related to the Processing of Personal Data exclusively through the Store, including within the scope of Agreements concluded remotely based on information included on the Store’s website.
  4. The Store’s website uses encrypted data transmission, which means that it is equipped with an SSL (Secure Sockets Layer) certificate, a network protocol used for secure online connections.
  5. This version of the Privacy Policy is effective as of 08.01.2025.

III. Personal Data Controller

  1. The Data Controller of the User’s Personal Data is PLANET A SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Gdańsk, ul. Jana Heweliusza 11 lok. 811, 80-890 Gdańsk, entered into the Register of Entrepreneurs of the National Court Register, maintained by the District Court of Gdańsk – Północ in Gdańsk, 7th Commercial Division of the National Court Register, under the KRS number: 0001091805, with NIP 5833502952, REGON 527962805, and share capital of: PLN 5,000.00.
  2. The User may contact the Data Controller regarding their Personal Data using the following methods:
    • a. by mail at the address: ul. Jana Heweliusza 11 lok. 811, 80 – 890 Gdańsk;
    • b. by e-mail at: customerservice@lynve.com;
    • c. by phone at: +48 58 6008146.
  3. The Data Controller has not appointed a Data Protection Officer, as, given the small scope and scale of the Personal Data being Processed, this is deemend unnecessary by the Controller and it not legally required.

IV. Scope of Processed Personal Data

  1. The Data Controller may Process Personal Data through the Store in the following ways:
    • a. via the newsletter;
    • b. through a user account;
    • c. when placing Orders and concluding distance Agreements;
    • d. using analytical tools such as Google Analytics and Google Tag Manager;
    • e. using marketing tools such as Google Ads, Meta Ads, TikTok Ads, LinkedIn Ads;
    • f. Fulfilling legal obligations arising from applicable laws, particularly accounting, tax regulations and those arising from the Regulation on General Product Safety (GPSR).
  2. The Controller may also Process Personal Data to determine, pursue, and enforce claims in the event of legal proceedings or proceedings before other authorities.
  3. All Personal Data which may be Processed by the Controller through the Stor eis provided by the User voluntarily.
  4. The Use is not required to provide their Personal Data to the Controller, whether directly (ex. by registering an account) or indirectly (data collected via third-party cookies, ex. Google Analytics). However, failing to provide certain Personal Data may result in the inability to perform a specific service or achieve a certain purpose (ex. failure to provide Personal Data in the account registration form will prevent the User from creating an account).
  5. Nevertheless, if the User provides their Personal Data, the Controller will Process it in accordance with and within the bounds of the law, particularly in an adequate manner as defined by the GDPR. This means the data will be processed appropriately and limited to whatis necessary for the purposes for which it is being Processed, in compliance with the principle of data minimization.
  6. Detailed legal bases for the Processing of Personal Data are outlined later in this Privacy Policy.

V. Personal Data Processed via the newsletter

  1. Through the newsletter, which the User can subscribe to via the newsletter subscription form, the Controller processes the Personal Data provided by the User when completing and submitting the subscription form, specifically the email address.
  2. The legal basis for processing Personal Data is Article 9(2)(a) of the GDPR, i.e. processing based on the consent of the data subject for the purpose of sending the newsletter by the Seller.
  3. The User’s Personal Data processed in connection with the newsletter is processed until consent for data processing is withdrawn.
  4. The User may withdraw their consent to the processing of their personal data at any time. Withdrawal of consent to the processing of personal data does not affect the legality of the processing carried out by the Controller based on the consent given by the User prior to its withdrawal.
  5. If the User wishes to withdraw their consent for the processing of Personal Data in connection with the newsletter service, they can unsubscribe by clicking the unsubscribe link included in every email sent as part of the newsletter.

VI. Personal Data Processed via the account

  1. Through the account registration form and account management on the Store’s website, the Controller Processes Personal Data provided by the User when completing the form or data in the account, especially Personal Data required for account registration, i.e. email address, first name, last name, mailing address.
  2. The legal basis for processing Personal Data in connection with the account registration form is Article 6(1)(b) of the GDPR, i.e. Processing necessary to take steps at the User’s request prior to entering into an agreement, and processing necessary for the performance of an agreement to which the User is a party.
  3. Personal Data processed in connection with the account is retained until the expiration of the limitation period for claims related to the performance of the agreement.

VII. Personal Data Processed under Sales agreement

  1. As part of concluding a Sales Agreement remotely via the Store’s website, the Controller processes Personal Data necessary for placing the Order and concluding the Agreement. This includes: first name, last name, e-mail address, telephone number, mailingaddress, bank account or company account number, Tax Identification Number (NIP), company name.
  2. The legal basis for processing Personal Data in connection with placing an Order and concluding the Agreement is Article 6(1)(b) of the GDPR, i.e. Processing necessary to take steps at the User’s request prior to entering into an agreement and processing necessary for the performance of the Agreement to which the User is a party.
  3. The User’s Personal Data processed in connection with the submitted Order and concluded Agreement is retained until the expiration of the limitation period for claims arising from the Agreement, as stipulated by applicable laws.

VIII. Personal Data Processed via analytical tools

  1. The Controller uses analytical tools such as Google Analytics or Google Tag Manager on the Store’s website.
  2. Through Google Analytics, The Controller may Process such Personal Data of the User as IP address, approximate location limited to the city, gender.
  3. Through Google Tag Manager, the Controller may Process such Personal Data of the User as IP address and User activity.
  4. Google Tag Manager may also process personal data handled by tools integrated with it, i.e. Google Analytics, LinkedIn Ads, and Meta Ads. Google Tag Manager’s primary role is implementing tracking codes and managing tags for the indicated external tools. Personal Data processing by these tools may occur solely through data transmission without storage on Google Tag Manager’s own servers.
  5. The purpose of processing Personal Data via Google Analytics is primarily to analyze statistical data related to User traffic on the Store’s website and User interactions with the website. This helps the Controller optimize the website’s performance and operate the business more effectively.
  6. The purpose of processing Personal Data via Google Tag Manager is mainly to manage and execute tags on the Store’s website. A tag is a snippet of code that collects data or tracks User activity, allowing analytical and advertising tools such as Google Analytics, Meta Ads, and LinkedIn Ads to function more effectively.
  7. The legal basis for processing Personal Data described in this section is Article 6(1)(a) of the GDPR, i.e. Processing based on the consent of the person who the Personal Data pertains to, for the purposes served by the analytical tools mentioned in this section.
  8. The User can provide consent to Process their Personal Data via the aforementioned tools through the cookie banner that appears on the Store’s website when they visit it for the first time.
  9. The User also has the right to withdraw their consent for the Processing of Personal Data at any time without affecting the lawfulness of Processing carried out based on consent before its withdrawal.
  10. 10. To withdraw consent, the User can disable the cookies described in this section at any time through the cookie settings.
  11. Personal Data processed via Google Analytics is retained for up to 2 years, i.e. until the cookies expire or the User withdraws their consent for such Processing, as described in the subsection above.
  12. Google Tag Manager does not have a defined data retention period, as its processing depends on the settings and retention policies of the tools using its infrastructure such as Google Analytics, Meta Ads, and LinkedIn Ads.

IX. Personal Data Processed via advertising tools (Google Ads, Meta Ads, TikTok Ads, LinkedIn Ads)

  1. On the Store’s website, the Controller uses advertising tools such as Google Ads, Meta Ads, TikTok Ads, LinkedIn Ads.
  2. Within these advertising tools, the Controller may Process various types of User Personal Data such as:
    • a. Google Ads: IP address, approximate location limited to the city, gender;
    • b. Meta Ads: IP address, User or device identifier, interactions with ads, clicks, page visits, time spent on the site, age, gender, location, interest data based on activity on Facebook and Instagram, page likes, and interactions;
    • c. TikTok Ads: device identifiers, IP address, User interactions on TikTok (views, likes, shares, comments), operating system, language, time zone, approximate location, interest categories based on User activity on TikTok;
    • d. LinkedIn Ads: LinkedIn user identifiers, IP addresses, device identifiers, professional data (e.g. job title, industry, employer, education if available on the User’s profile), behavioral data (e.g. ad interactions, job offers, LinkedIn content interactions), age, location (based on profile data), and actions on the site, such as ad clicks and post interactions.
  3. The purposes of Processing Personal Data by these advertising tools are as follows:
    • a. Google Ads – running advertising campaigns by the Controller to promote the Controller’s business activities online;
    • b. Meta Ads – creating personalized ads tailored to User interests and retargeting ads to visitors of the Store’s website to increase conversion and engagement;
    • c. TikTok Ads – creating customized video ads, retargeting TikTok Users who visited the Store’s website, and aligning ad content with audience preferences;
    • d. LinkedIn Ads – displaying ads tailored to Users potentially interested in Products due to their professional profile, improving the efficiency of ads targeted at LinkedIn users.
  4. The legal basis for processing Personal Data mentioned in this section is Article 6(1) (a) of the GDPR, i.e. Processing based on the consent of the User to whom the Personal Data pertains for the specific purpose of the advertising tools described in this section.
  5. Users can give consent to Process their Personal Data via the abovementioned tool through the cookie banner displayed on the Store’s website during their first visit.
  6. Users also have the right to withdraw their consent for Personal Data Processing at any time without affecting the lawfulness of processing conducted based on consent before its withdrawal.
  7. To withdraw consent, Users can disable the cookies described in this section in the cookie settings at any time.
  8. Personal Data is Processed for varying durations, depending on the advertising tool:
    • a. Google Ads, Personal Data is Processed for a period defined by the Controller in the cookie settings or until the User withdraws consent to the Processing of their Personal Data, as outlined in the actions mentioned in the subsection above;
    • b. Meta Ads, Personal Data is Processed for varying durations depending on the type of data and its processing purpose. Data used for analytics and remarketing is typically processed for 30 days to 2 years, depending on the configuration of the specific advertisement, or until Users withdraw their consent for Processing this Data, as outlined in the actions mentioned in the subsection above;
    • c. TikTok Ads, Personal Data is most often processed for up to 13 months or until Users withdraw their consent for Processing this Data, as outlined in the actions mentioned in the subsection above;
    • d. LinkedIn Ads – depending on the purpose, Personal Data is Processed for varying durations. For data Processing aimed at ad customization and retargeting, it is typically processed for up to 6 months, while for analytical purposes, it may be processed for up to 2 years, depending on the configuration of the specific advertising campaign, or until Users withdraw their consent for Processing this Data, as outlined in the actions mentioned in the subsection above.

X. Processing Personal Data to fulfill legal obligations

  1. The Controller, as a business entity, is subject to various legal obligations, such as issuing and accounting for invoices, and obligations related to the safety of the products sold arising from the GPSR, including, among others, hazard identification, record-keeping, reporting to supervisory authorities, and the withdrawal of products from the market. Consequently, the Controller Processes Personal Data necessary to fulfill all required legal obligations, particularly in the areas of accounting, tax regulations and GPSR.
  2. The Personal Data referred to in subsection 1 above includes: first name, last name, correspondence address, e-mail address, phone number, bank account number, and, where applicable, NIP (Tax Identification Number) or REGON (National Business Registry Number), as well as the business name or, in connection with the obligations under the GPSR, such data as: the User’s identification details, information about purchased Products, and contact details.
  3. The legal basis for Processing Personal Data as part of fulfilling the Controller’s legal obligations, as referred to in this section, is Article 6(1)(c) of the GDPR, i.e. processing necessary to comply with the legal obligations imposed on the Controller by applicable legal provisions, particularly in accounting and tax laws.
  4. The Personal Data of the User processed to fulfill legal obligations is Processed until the expiration of the legal obligations of the Controller requiring the Processing of such Data.

XI. Processing of Personal Data in the event of establishing, pursuing, and enforcing claims arising from the Agreement

  1. In the event of the need to establish, pursue, and enforce claims arising from the Agreement, or to defend against such claims in court proceedings or before other authorities, the Controller will process Personal Data necessary for this purpose in accordance with legal regulations.
  2. The personal data referred to in subsection 1 above may include: first name, last name, correspondence address, e-mail address, phone number, bank account number, and, where applicable, NIP (Tax Identification Number) or REGON (National Business Registry Number), as well as the business name.
  3. The legal basis for Processing Personal Data in the situation described in this section is Article 6(1)(f) of the GDPR, i.e. Processing necessary to pursue the legitimate interests of the Controller, which may involve establishing, pursuing, or enforcing claims or defending against potential claims in legal proceedings or before other authorities.
  4. The User’s Personal Data that may be Processed for purposes related to potential claims or disputes is processed until the expiration of the limitation period for claims arising from the Agreement.

XII. 1. Processing of Personal Data by other entities

  1. To enable the Controller to maintain the Store’s website, conduct analytical activities that support the Controller’s operations, provide Services, or conclude and execute Agreements, the User’s Personal Data may also be processed by the following entities:
    • a. the hosting provider for the Store’s website that stores the Personal Data on a server and therefore processes it, i.e Cyber_folks SA with it registered office in Poznań 61-569, 1B Wierzbięcice Street, (KRS: 0000685595);
    • b. entities providing IT services related to the Store’s website;
    • c. Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – for the Controller’s use of Google Analytics and Google Ads tools, acting as an independent controller of this Personal Data;
    • d. Meta Platforms Inc. for the Controller’s use of the Meta Ads tool, acting as an independent controller of this Personal Data;
    • e. TikTok Technology Limited, headquartered in Ireland, registration number: 635755, acting as an independent controller of this Personal Data;
    • f. LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, registration number 477441, acting as an independent controller of this Personal Data;
    • g. entities providing accounting services and software for invoicing;
    • h. entities providing services for sending messages as part of the newsletter;
    • i. entities providing electronic payment services;
    • j. entities providing Product delivery services.

XIII. Transfer of Personal Data to third countries or international organizations

  1. The Controller does not directly transfer the User’s Personal Data to third parties or international organizations.
  2. However, the User’s Personal Data may be transferred to third countries by Google LLC whose tools the Controller uses (Google Analytics, Ads, Google Tag Manager), which, in these activities, act as independent controllers of the User’s Personal Data.
  3. Google LLC is listed among entities participating in the Data Privacy Framework program and, under the European Commission’s Implementing Decision (EU) C(2023) 4745 of July 10, 2023, on the adequacy of the level of protection of personal data under the EU-U.S. Data Privacy Framework, ensures data protection standards equivalent to those in the European Union.
  4. Meta Platforms Inc. is also listed in the Data Privacy Framework program (link: https://www.dataprivacyframework.gov/s/participant-search), ensuring (EU) personal data protection equivalent to EU standards as per the European Commission’s Implementing Decision C(2023) 4745 of July 10, 2023 link: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US %20Data%20Privacy%20Framework.pdf.
  5. TikTok Technology Limited may transfer Users’ data outside the European Economic Area (EEA). Such transfers comply with applicable legal regulations, including mechanisms such as Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of data protection.
  6. LinkedIn Ireland Unlimited Company may transfer personal data outside the EEA or to international organizations in compliance with EU data protection standards. It is listed in the Data Privacy Framework program (link: https://www.dataprivacyframework.gov/list), ensuring adequate data protection per the European Commission’s Implementing Decision (EU) C(2023) 4745 (https://commission.europa.eu/system/files/2023-07/Adequacy %20decision%20EU-US%20Data%20Privacy%20Framework.pdf). LinkedIn also employs various mechanisms to ensure compliance with cross-border data transfers, such as Standard Contractual Clauses (SCCs) approved by the European Commission and Binding Corporate Rules (BCRs) approved by relevant Data Protection Authorities (DPAs). SCCs and BCRs are widely used by organizations to establish data protection safeguards for data transfers outside the EEA, ensuring GDPR compliance through robust security measures.

XIV. Information on automated decision-making, including profiling

The User’s Personal Data is not used by the Controller for purposes involving automated decision-making, including profiling.

XV. Rights of the User in relation to the Processing of their Personal Data

  1. Under Articles 16–21 of the GDPR, the User is granted the following rights concerning the Personal Data Processed by the Controller.
  2. Based on the abovementioned legal provisions, the User can exercise the following rights concerning their Personal Data Processed by the Controller:
    • a. access to Personal Data under Article 15 of the GDPR;
    • b. rectification their Personal Data under Article 16 of the GDPR;
    • c. erasure of their Personal Data under Article 17 of the GDPR;
    • d. restriction of their Personal Data Processing under Article 18 of the GDPR;
    • e. data portability under Article 20 of the GDPR;
    • f. objection to Data Processing under Article 21 of the GDPR.
  3. More detailed information about the rights granted to the User can be found in Articles 16–21 of the GDPR.
  4. If the processing of the User’s Personal Data is based on their consent, the User also has the right to withdraw that consent at any time. Such withdrawal does not affect the legality of processing carried out based on the consent before its withdrawal.
  5. The User also has the right to lodge a complaint with the competent supervisory authority if they believe that their Personal Data is not being Processed correctly or in accordance with legal regulations.
  6. The competent supervisory authority can be the authority in the User’s country of permanent residence, their place of work, or where the alleged infringement on Personal Data rights occurred.
  7. In Poland, the supervisory authority for Personal Data is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).
  8. Before filing a complaint, the Controller encourages the User to contact them via email at customerservice@lynve.com to resolve any concerns or doubts regarding the Processing of the User’s Personal Data through the Store or the concluded Agreement.

XVI. Cookies – general information

  1. The Store’s website uses cookies.
  2. Cookies are small text files stored on the User’s end device, such as a computer or a mobile phone, used when accessing the website.
  3. Cookies can be read by the Controller’s IT system (so-called „first-party cookies”) or by IT systems of third parties (so-called „third-party cookies”).

XVII. 1. Cookies and the Processing of Personal Data

  1. By reading the User’s cookies through the Controller’s IT system, the Controller may gain access to information that constitutes Personal Data. Consequently, such actions involve the Processing of this Personal Data by the Controller.
  2. Some information, including Personal Data contained in cookies from Google Analytics and Google Ads, may also be accessed by the IT systems of third parties.
  3. Certain cookies used by the Controller are essential for the proper provision of electronic services to the User, as defined by the Polish Act of July 18, 2002, on the Provision of Electronic Services. However, the use of other cookies by the Controller is not necessary for the User to properly utilize the Store, as these cookies serve additional purposes.
  4. Cookies that are not essential for the proper provision of electronic services to the User are blocked until the User consents to their use, thereby also consenting to the Processing of their Personal Data.
  5. The consent mentioned above can be provided by the User through the cookie banner displayed on the Store’s website during the User’s first visit.
  6. The legal basis for the Processing of Personal Data via the cookies mentioned above is Article 6(1)(a) of the GDPR, i.e. the User’s consent, as detailed in Sections VIII and IX above.
  7. Additionally, within their web browser, the User can manage cookie settings at any time, including blocking their use or re-enabling them.

XVIII. Cookies used on the Store’s website

  1. Through the Store’s website, the Controller uses both its own cookies and third-party cookies.
  2. The Administrator’s own cookies are used to ensure the proper functioning of specific mechanisms on the website.
  3. Third-party cookies are used for the purposes described in Sections VIII and IX above. These include:
    • a. Google Analytics, Google Ads, and Google Tag Manager owned by LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
    • b. Meta Ads owned by Meta Platforms Inc.;
    • c. TikTok Ads owned by TikTok Technology Limited;
    • d. LinkedIn Ads owned by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, registration number 477441.

XIX. Final provisions

  1. For matters not regulated in this Privacy Policy, the relevant provisions of Polish law and the GDPR shall apply.
  2. The Controller reserves the right to amend the content of this Privacy Policy, particularly when required by changes related to the Processing of Personal Data on the Store’s website,technological developments, or amendments to the applicable law concerning the matters described in this document.

Privacy policy

0
    Your cart
    Your cart is emptyWróć do sklepu
    Continue