Privacy Policy
- General Provisions
1.1. The aim of this Privacy Policy is to inform our Clients about all matters related to the collection, processing and protection of their personal data. It also explains the rules and purposes of the data collection. All the processes are carried out in accordance with the current laws, in particular with the Regulation of the European Parliament and of the Council (UE) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC and with the Polish Personal Data Protection Act of 10 May 2018.
1.2. We hope that this Privacy Polish will help you understand what information we collect in connection with the operation of this Store and how they are processed.
1.3. Any reference in this Privacy Policy to a User shall also apply to you.
- Definitions
2.1. Controller BSWR sp z o.o. with the seat in Warsaw, Giełdowa 4c/74, 01-211 Warsaw, registered by the District Court in Warsaw, 8th Economic Division of the National Court Register – Register of Entrepreneurs under number KRS 0000946358, Tax Id. NIP 5272986213, REGON 521044801
2.2. Personal data – any information relating to an identified or identifiable natural person, in particular by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including their device’s IP, location data and network identifier and data collected through cookies and other similar technologies.
2.3. Policy – this Privacy Policy.
2.4. GDPR – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
2.5. Act – Polish Personal Data Protection Act of 10 May 2018.
2.6. Online Store – 5.10.15 online store operated by the Controller at sheepandraven.com/.
2.7. User – each natural person visiting the Online Store and using one or more services or functionalities described in the Policy.
- Personal Data Controller
Personal data are controlled by BSWR Sp. z o.o. with the seat in Warsaw, 01-211 Warsaw, Giełdowa 4c/74 , registered by the District Court in Warsaw, 8th Economic Division of the National Court Register – Register of Entrepreneurs under number KRS0000946358, Tax Id. NIP 5272986213, REGON 521044801.
- Data Protection Officer
The Controller has appointed a Personal Data Protection Officer who can be contacted via regular mail at 01-211 Warsaw, Giełdowa 4c/74 or via email at hello@sheepandraven.com. The DPO will be glad to assist you in all matters related to the protection of personal data, in particular, will answer all queries regarding the processing of your personal data. - Purposes And Grounds
For Personal Data Processing. Within the scope of its business, the Controller shall always process your personal data lawfully however for different purposes. Your personal data are processed in connection with the following activities:
5.1. Browsing Online Store.
5.1.1. The data of all entities using the Online Store (including their IP or other identifiers and information collected through cookies or similar technologies) who are not registered Users (i.e. persons without a profile in the Online Store) are processed by the Controller for one or more purposes listed below:
5.1.1.1. Providing the Users with online services like sharing the content of the Online Store and offers of other entities as a part of a Marketplace service and contact forms – legal grounds for processing – processing is necessary to perform the contract (Art. 6.1(b) of GDPR).
5.1.1.2. Online Store purchases without registration – legal grounds for processing – processing is necessary to perform the contract (Art. 6.1(b) of GDPR).
5.1.1.3. Processing of complaints – legal grounds for processing – processing is necessary to perform the contract (Art. 6.1(b) of GDPR).
5.1.1.4. Analytical and statistical – legal grounds for processing – legitimate interests pursued by the Controller (Art. 6.1(f) of GDPR) which is to analyze Users behavior and activity and their preferences in order to improve the quality and adequacy of applied functionalities and services provided;
5.1.1.5. To identify and pursue or defend against claims, if any – legal grounds for processing – legitimate interests of the Controller (Art. 6.1(f) of GDPR) which is to protect the Controller’s interests;
5.1.1.6. Marketing purposes of the Controller and other entities, in particular in connection with the behavioral advertising – legal basis for processing – legitimate interests of the Controller (Art. 6.1(f) of GDPR) which is the customization of the advertisement content – rules of personal data processing for marketing purposes are described in the section MARKETING.
5.1.2. User activity in the Online Store including the User’s personal data are recorded in the system logs (in a dedicated IT system designed to store chronological records of events and activities of an IT system used by the Controller to provide the services). The data recorded in the logs are processed in connection with the services provided by the Controller. Moreover, the Controller processes the data for technical purposes which means in particular that the data may be temporarily stored and processed in order to ensure the safety and correct functioning of information systems, for example, to perform a backup copy, test changes in the information systems, identify faults and protect against abuse and attacks.
5.2. Online Store Registration. Users registering in the Online Store and creating a Client Account are requested to provide data necessary to create and maintain an account. In order to facilitate the ordering process, the User may choose to provide additional data and consent for their processing. Additional data may be deleted or edited at any time. Provision of data marked as mandatory (email address and password) is necessary to create and maintain an account. An account cannot be created without the mandatory data. The personal data shared with the Controller are processed for one or more of the following purposes:
5.2.1. The provision of services in connection with the operation of the Online Store – legal grounds for processing – the processing is necessary to perform the contract (Art. 6.1(b) of GDPR).
5.2.2. Analytical and statistical – legal grounds for processing – legitimate interests pursued by the Controller (Art. 6.1(f) of GDPR) which is to analyze Users behavior and activity and their preferences in order to improve the quality and adequacy of applied functionalities and offered services.
5.2.3. To identify and pursue or defend against claims, if any – legal grounds for processing – legitimate interests of the Controller (Art. 6.1(f) of GDPR) which is to protect the Controller’s interests..
5.2.4. Marketing purposes of the Controller and other entities, in particular, the sellers on the Marketplace – rules of personal data processing for marketing purposes are described in the section MARKETING.
5.3. Ordering
5.3.1. Each time the User pleases an order (an offer to purchase goods), User’s personal data must be processed. Provision of data marked as mandatory is voluntary but necessary in order to process and deliver ordered goods. An order cannot be properly processed without these data. Provision of other data is optional and does not influence the processing of an order.
5.3.2. Personal data are processed in connection with the order placed in the Online Store and are processed for one or more of the following purposes:
5.3.2.1. To deliver an order – legal grounds for processing of mandatory data – the processing is necessary to perform the contract (Art. 6.1(b) of GDPR; legal basis for processing of optional data – consent (Art. 6.1(a) of GDPR);
5.3.2.2. To comply with a legal obligation to which the Controller is subject, in particular, those imposed by tax and accounting regulations – legal grounds for processing – a legal obligation (Art. 6.1 © of GDPR);
5.3.2.3. Analytical and statistical – legal grounds for processing – legitimate interests pursued by the Controller (Art. 6.1(f) of GDPR) which is to analyze Users behavior and activity and their preferences in order to improve the quality and adequacy of applied functionalities and services provided;
5.3.2.4. To identify and pursue or defend against claims, if any – legal grounds for processing – legitimate interests of the Controller (Art. 6.1(f) of GDPR) which is to protect the Controller’s interests;
5.4. Contact Form
5.4.1. An electronic contact form is provided to enable the Users contact with the Online Store. In order to use the contact form, the User is required to share personal data necessary to contact the User and reply to the User’s inquiry. The User may choose to share other data in order to facilitate the communication and processing of an inquiry. Provision of data marked as mandatory is required in order to accept and process the inquiry. An inquiry cannot be properly submitted without these data. Provision of optional data is voluntary.
5.4.2. Personal data shared with the Controller in the contact form are processed for one or more of the following purposes:
5.4.2.1. Identification of the sender and processing of the inquiry sent via the contact form – legal grounds for processing – the processing is necessary to perform the service contract (Art. 6.1(b) of GDPR).
5.4.2.2. Analytical and statistical – legal grounds for processing – legitimate interests pursued by the Controller (Art. 6.1(f) of GDPR) which is to maintain statistics of inquiries made by the Users to the Online Store in order to improve its functionality and Controller’s activities.
5.5 Marketing.
5.5.1. The Controller processes personal data of the Users to implement marketing activities on the legal basis of the Controller’s legitimate interest (Art. 6.1(f) of GDPR). The marketing activities may include, in particular:
5.5.1.1. Marketing content not matching User preferences (contextual advertising).
5.5.1.2. Marketing content matching User interests (behavioral advertising)
5.5.1.3. Directing e-mail notifications about interesting offers or contents that in some cases may contain commercial information;
5.5.1.4. Other types of direct marketing activities of goods and services (sending commercial information by e-mail or telemarketing).
5.5.2. For some marketing activities, the Controller performs user profiling. Profiling means that the Controller uses automatic data processing to evaluate some information about natural persons in order to analyze their behavior or create forecasts for the future. This type of profiling used by the Controller does not create any legal consequences for the User nor does significantly affect the User.
5.6. Contextual Advertising. The Controller processes personal data of the Users in connection with the contextual advertising targeted to the Users (i.e. advertising matching User preferences). Personal data are processed in this case for the purpose of the Controller’s legitimate interest (Art. 6.1(f) of GDPR).
5.7. Behavioral Advertising. The Controller processes personal data of the Users including personal data collected through cookies and other similar technologies for marketing purposes in order to direct behavioral advertising to the Users (i.e. advertising matching Users preferences). Processing of personal data, in this case, includes Users profiling. The personal data collected with this technology are used for marketing purposes in particular for the marketing of goods and services of third parties on the legal basis of the Controller legitimate interests and only if the User has consented to the use of cookies. Consent to the use of cookies may be given through appropriate browser settings and may be withdrawn at any time, in particular by cleaning the cookies history and disabling cookies in the browser settings. The consent may be withdrawn at any time.
5.8. Direct Marketing. If the User consented to receive marketing information via email, SMS and other means of electronic communication, the User’s personal data are processed for the purposes of sending such information to the User. The legal grounds for processing is the Controller’s legitimate interest which is sending marketing information within the scope of the consent expressed by the User (direct marketing). The User has the right to object to the processing of his data for the purposes of direct marketing, including profiling. Data will be stored as long as the legitimate interests of the Controller exist unless the User objects to receiving the marketing information.
5.9. Cookies Files And Similar Technologies.
5.9.1. Cookies files are small text files installed on the User’s device while browsing the Online Store. Cookies collect data that enhance the use of a website, for example, by remembering User’s visits and actions in the Online Store.
5.9.2. The Controller uses the so-called cookies primarily in order to render online services to the Users and improve the quality of those services. In this regard, the Controller and entities providing analytical and statistical services for the Controller use the cookies files to store data and obtain access to already stored information on a User end device (computer, phone, tablet, etc.). The cookies files used for this purpose include:
5.9.2.1. Cookies files with the User provided data (session ID) for the duration of a session (user input cookies).
5.9.2.2. Authentication cookies files used for services that require authentication for the duration of a session (authentication cookies).
5.9.2.3. Cookies files used to ensure safety, for example, used to detect authentication abuse (user-centric security cookies);
5.9.2.4. Multimedia players session cookie files (e.g. Flash player cookies files) for the duration of the session (multimedia player session cookies).
5.9.2.5. Permanent cookies files used to customize the User interface for the session or for a little longer (user interface customization cookies).
5.9.2.6. Cookies files used to remember the shopping cart content for the duration of a session (shopping cart cookies).
5.9.2.7. Cookies files used to monitor website traffic, i.e. data analysis, including Google Analytics cookies (files used by Google to analyse how the Users use the Online Store in order to prepare statistics and reports about the Online Store performance). Google does not use the collected data to identify Users and does not link the information to enable User identification. The detailed information about the scope and rules of data collection in connection with this service can be found at https://www.google.com/intl/pl/policies/privacy/partners.
5.9.3. The Controller uses cookies for purposes other than marketing, for example, to target behavioural advertisement to the Users. For this purpose, the Controller stores data or accesses data stored on the User end device (computer, phone, tablet, etc.). The use of cookies and data collected with cookies for marketing purposes, in particular, to promote goods and services of third parties requires the User’s consent. Consent to the use of cookies may be given through appropriate browser settings and may be withdrawn at any time, in particular by cleaning the cookies history and disabling cookies in the browser settings.
- How Long Do We Store Your Data?
6.1. According to the current laws and regulations, your data are processed for the time necessary to achieve the goal. Upon that time, your data will be irrevocably deleted or destroyed.
6.2. In the case we do not need to perform any other operation on your data other than storing (e.g. applies to the data we store to defend against claims), the data are additionally protected through pseudonymization until they are permanently deleted or destroyed. Pseudonymization is encryption of personal data or filing system in such a manner that the personal data cannot be decrypted without an additional key so that they are completely useless to any unauthorized person.
6.3. Your personal data will be stored by the Controller for the time necessary to achieve the goals defined in “Purposes And Grounds For Personal Data Processing”, for example until the termination of your newsletter service, your loyalty program membership, complaint procedure. Afterwards, the data will be stored until the expiry of your time-barred claims or until we are no longer obliged by law to store your data.
- What Are Your Rights Related To Your Data?
7.1. The Users being data subjects have the following rights:
7.1.1. The right to receive information about the processing of personal data – in reply to the request made on this grounds, the Controller submits information about the data processing, including in particular the goals and legal grounds for processing, scope of personal data, subjects with which the data is shared and the planned date of their erasure.
7.1.2. The right to receive a copy of personal data – in reply to the request made on this grounds, the Controller submits a copy of the data subject’s personal data processed by the Controller.
7.1.3. The right to rectify data – in reply to the request made on this grounds the Controller removes any inconsistencies or errors in the personal data processed and complements or updates them if they are incomplete or outdated.
7.1.4. The right to erase data – on this grounds the data subject may require that the data that are no longer processed for any purpose, are erased.
7.1.5. The right to restrict the processing – in reply to the request made on this grounds, the Controller ceases to perform any operations on personal data, except for the processing consented by the data subject and the storage of the data in accordance with the retention rules or as long as the reasons for data processing restrictions exist (e.g. a supervisory authority gives consent to continue processing of the data).
7.1.6. The right to data portability – in reply to this request the Controller, in the scope of data processed in accordance with the agreement or the given consent, transmits the data of the data subject in a computer-readable format. You may also request the transfer of your personal data to another subject, provided however that it is technically feasible both on the side of the Controller and of the data recipient.
7.1.7. The right to object to the processing of the personal data for marketing purposes – the data subject may at any time object to the processing of their personal data for marketing purposes without stating any reasons for the objection.
7.1.8. The right to object to the processing of personal data for any other purpose – the data subject may at any time object to the processing of their personal data on the basis of the legitimate interest of the Controller (e.g. for analytical and statistical purposes or for reasons associated with the protection of property). The above-mentioned objection should be reasoned and is subject to the Controller’s revision.
7.2. All requests made on the above-listed basis may be submitted through the traditional mail to the address: 01-211 Warsaw, Giełdowa 4c/74 or through email to hello@sheepandraven.com.
7.3. The request should, where possible, precisely specify the scope of the request, i.e. in particular:
7.3.1. Who submitted the application.
7.3.2. Which of the rights listed in Clause 7.1 above gives grounds to the request.
7.3.3. Which processing purposes does the request pertain to (e.g. marketing purposes, analytical purposes, etc.).
7.4. In case the Controller is not able to determine the exact content of the request or identify the person submitting the request, the Controller shall ask the sender for additional information.
7.5. The reply to the request will be made immediately however not later that within a month from the date of its receipt. In the case the reply cannot be made within a month, the Controller will inform the requesting party about the prolongation of the term and its reasons.
7.6. The reply will be sent to the email address used to submit the request and in the case of requests sent by post, via registered mail to the mailing address given by the requesting party, unless the requesting party specifically asked for the reply to be sent to the email address. In this case, an email address must be provided.
- Right to Withdraw the Consent.
8.1. In the case the Controller processes your personal data on the basis of your consent, you may withdraw your consent at any time at your discretion.
8.2. If you wish to withdraw the consent for the processing of your personal data, you may proceed in one of the following ways:
8.2.1. Send an email directly to the Controller to the address hello@sheepandraven.com.
8.2.2. Send an email to the Data Protection Officer to hello@sheepandraven.com.
8.2.3. Check the appropriate option in the client panel in section Edit your account.
8.2.4. Follow the link provided at the end of an email.
8.3. The withdrawal of your consent for the processing of your personal data does not mean that the processing of your personal data by the Controller before the withdrawal was unlawful. To be more precise, as long as you do not withdraw your consent, the Controller has the right to process your personal data and the withdrawal does not affect the legality of the processing up to the moment.
- The Right to Complain.
If in your opinion your personal data are processed unlawfully, you may complain to the President of the Personal Data Protection Office.
- Transfer of Personal Data to Third Countries and International Organisations.
Your personal data will not be transferred to third countries, i.e. outside of the European Economic Area and to international organisations.
- Final Provisions.
11.1. All matters not regulated by this Privacy Policy shall be governed by the Act and GDPR.
11.2. You will be notified of any changes to this Privacy Policy through email.
11.3. If you have any questions regarding this Privacy Policy, please contact the Controller in writing via regular mail to the address 01-211 Warsaw, Giełdowa 4c/74 or through email to hello@sheepandraven.com.
11.4. If you wish to contact the Data Protection Officer of the Controller, please send a regular mail to the address: 01-211 Warsaw, Giełdowa 4c/74 or through email to hello@sheepandraven.com. The DPO will be glad to assist you in all matters related to the protection of personal data, in particular will answer all queries regarding the processing of your personal data.
11.5. This Privacy Policy is valid from 1 January 2022.