VARRANI online store, ran at the internet address: VARRANI.com belonging to the company Zofia Leś UNLIMITED, attaches the utmost importance to protect the privacy of its clients with regard to the transfer of personal data to the Customer Contact Department, with commitment to protect the privacy of customers and take their responsibility for the security of their data seriously. We will clearly and transparently inform our clients about what information we collect and what we do with it.
What kind of personal information do you collect and process with respect to be our client and in connection with the use of our website and online services;
§ Where do we get data from;
§ What we do with this data;
§ How we store data;
§ Who we transfer / disclose data to;
§ How we implement your data protection law;
§ How we proceed with data protection rules.
All personal data is collected and processed in accordance with the legislation on the protection of personal data in force in Poland and the European Union.
All personal data is collected and processed in accordance with the legislation on the protection of personal data in force in Poland and the European Union.
Administrator - personal data administrator indicated in point III Politics.
Personal data - all informations about a physical person identified or identifiable by one or more specific factors determining physical, physiological, genetic, psychological, economic, cultural or social identity, including device IP, location data, internet identifier and information collected through cookies and other similar technology.
RODO - Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the process of personal data and on the free flow of such data and the repeal of Directive 95/46 / EC.
Website - a website maintained by the Administrator at VARRANI.com
User (Customer) - any natural person visiting the Website or using one or several services or functionalities described in the Policy.
We would like to inform you that the administrator of your personal data is Zofia Leś UNLIMITED registered in Lwowska 6, 39-300 Mielec with its headquaters in Batorego 5, 39-300 Mielec, Poland, having NIP number: 8171010587, and REGON: 690070285, hereinafter referred to as "VARRANI". Contact with VARRANI regarding the protection of personal data is possible at the following e-mail address: email@example.com
VARRANI has a Data Protection Supervisor - currently it is Mr. Łukasz Leś, who will help you with all matters related to the protection of personal data, in particular, he will answer any questions regarding the processing of your personal data. Contact with the Inspector is possible at the following e-mail address: firstname.lastname@example.org.
To provide services in accordance with the field of our entity activity, VARRANI processes your personal data - for various purposes, but always in accordance with the law. Below you will find specific purposes for the processing of personal data together with the legal law basis.
Account registration on the Website:
Persons who register in the VARRANI online store are asked to provide the data necessary to create and service the account. Providing data marked as obligatory is required to set up and service an account, and lack of them results in the inability of setting up an account. Data such as gender and date of birth can be provided by the user optionally. The above data is transmitted via the contact form available at VARRANI.com
Personal data is processed:
In order to provide services related with running and servicing an account in the online store VARRANI - the legal basis for processing is the necessity of processing to execute the contract (Article 6 paragraph 1 letter b). Possibly, in the field of optional data - the legal basis for processing is consent (Article 6 (1) (a) and the RODO);
for analytical and statistical purposes - the legal basis of the processing is the legitimate interest of the Administrator (Article 6 paragraph 1 point f) of the RODO consisting in analyzing your activity on the Website, the way you use the account, and your preferences to improve the functionalities ;
in order to possibly set and enforce claims or defend them - the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) letter f) of the RODO consisting in the protection of its rights;
for marketing purposes of the Administrator - a detailed description of the objectives and legal grounds can be found in the marketing and direct marketing tab.
Placing orders on the Website:
Placing an order (purchase of goods) by the customer of the VARRANI online store involves the processing of his personal data. Providing data marked as mandatory is required in order to accept and service the order, and lack of results in the lack of its implementation.
Personal data is processed:
in order to execute the order - the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR); for optional data, the legal basis for the processing is consent (Article 6 (1) (a) and (GDP));
in order to fulfill statutory obligations imposed on the Administrator, resulting in particular from tax regulations and accounting regulations - the legal basis for processing is the legal obligation (Article 6 paragraph 1 letter c) of the GDPR);
for analytical and statistical purposes - the legal basis of the processing is the legitimate interest of the Administrator (Article 6 paragraph 1 point f) of the RODO consisting in analyzing the Users' activity on the Website, as well as their shopping preferences in order to improve the functionalities used;
in order to possibly set and enforce claims or defend against them - the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) letter f) of the RODO consisting in the protection of its rights.
The Administrator processes Users' personal data in order to carry out marketing activities, which may consist in:
directing e-mail notifications about interesting offers or content, which in some cases contain commercial information;
carrying out other types of activities related to direct marketing of goods and services (sending commercial information by electronic means);
in order to implement marketing activities, the Administrator in some cases uses profiling, i.e. through the so-called geolocation, gaining knowledge about the country of the User's place of residence, using the VARRANI online store and the so-called segmentation - that is, selecting customers who have not placed any orders since registering their account in the VARRANI online store in order to send an offer or a discount code to such customer at the e-mail address provided by the Customer. This means that due to automatic data processing, the Administrator evaluates selected factors concerning natural persons in order to analyze their behavior or create a forecast.
If the Customer has agreed to receive marketing information via e-mail, SMS and other electronic communication means, the User's personal data will be processed for the purpose of sending such information. The basis for data processing is the legitimate interest of VARRANI consisting in the sending of marketing information within the limits of the consent granted by the User (direct marketing). The User has the right to object to the processing of data for direct marketing purposes, including profiling. The data will be stored for this purpose for the duration of the legitimate interest of VARRANI, unless the User objects to receive the information.
The administrator processes the personal data of Users visiting Administrator profiles carried out in social media (Facebook, Instagram, YouTube, Pinterest, Pinterest). These data are processed only in connection with running a profile, including to inform Users about the activity of the Administrator and to promote various types of events, services and products, as well as to communicate with users via the functionality available in social media. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (Article 6 (1) letter f) of the RODO, which consists in promoting its own brand and building and maintaining a brand-related society.
Consideration of complaints:
In order to process a complaint, we process your personal data, such as: name, e-mail address, order number, or address - if there is a refund, or bank account number - if there is a refund.
The legal basis for such data processing is art. 6 par. 1 lit. b RODO, which allows personal data to be processed, if it is necessary to perform the contract or take steps to conclude the contract.
In order to send an e-mail notification to the Customer in connection with the service being provided, we process personal data such as: e-mail address and order number.
The legal basis for such data processing is art. 6 par. 1 lit. f RODO, which allows personal data to be processed, if, in this way, the Personal Data Controller performs its legitimate interest (in this case, the interest of the Company is to inform you about activities related to the service in order to increase the comfort of using the website);
In order to contact us on matters related to the service, we process personal data such as: phone number, order number.
The legal basis for such data processing is art. 6 par. 1 lit. a RODO, which allows personal data to be processed on the basis of a voluntary consent;
Registers and records of the GDP:
In order to create registers and records related to the GDP, including, for example, the register of clients who raised an objection in accordance with the GDPR, we process personal data such as: name and e-mail address, because firstly, the provisions of the GDPR impose on us documentation obligations to demonstrate compliance and accountability, and secondly, if you object to the processing of your personal data, for example, for marketing purposes, we need to know who should not use direct marketing, because you do not want it.
The legal basis for such data processing is, first, art. 6 par. 1 lit. c RODO, which allows personal data to be processed, if such processing is necessary to fulfill the obligations arising from the law by the Administrator of Personal Data; secondly, art. 6 par. 1 lit. f RODO, which allows personal data to be processed, if, in this way, the Personal Data Controller performs its legitimate interest (in this case, the interest of the Company is to have knowledge about people who fulfill their rights resulting from the GDPR);
In order to administer the website, we process personal data such as: IP address, server date and time, information about the web browser, information about the operating system - these data are automatically saved in the so-called server logs, each time a website belonging to the Company is used. It would not be possible to administer the website without using the server and without this automatic saving. The legal basis for such data processing is art. 6 par. 1 lit. f RODO, which allows personal data to be processed, if in this way the Personal Data Controller execute its legitimate interest (in this case, the Company's interest is to administer the website);
Comments on the Website:
In order to post a comment on the website of the VARRANI online store, we process personal data such as your name and surname. The legal basis for such processing is art. 6 par. 1 lit. and the RODO, which allows personal data to be processed on the basis of a voluntary consent (in this case, we assume that adding of a comment is a simultaneous consent to the processing of personal data).
VARRANI on its website, like other entities, uses the so-called cookies, i.e. short text information, saved on a computer, phone, tablet or other user device. They can be read by our system, as well as by systems belonging to other entities, which services we use (eg Facebook, Google).
Cookies meet a lot of functions on the website, most often useful, which we will try to describe below (if the information is insufficient, please contact us):
ensuring security - cookies are used to authenticate users and prevent unauthorized use of the Customer's panel. They are therefore used to protect the Customer's personal data against unauthorized access;
impact on the processes and efficiency of using the website - cookies are used to ensure that the website works efficiently and that you can use the functions available on it. It is possible, among other things, by remembering the settings between subsequent visits on the website. Thanks to them, you can efficiently browse the website and individual subpages;
state of the session - cookies often record information about how visitors use the website, for example which subpages are displayed most often. They also enable identification of errors displayed on some subpages. Cookies used to save the so-called "Session state" helps, therefore, improve services and increase the comfort of browsing;
maintaining session status - if the client logs in to his panel, cookies allow the session to be sustained. This means that after switching to another subpage, you do not have to enter your login and password again each time, which contributes to the comfort of using the website;
creating statistics - cookies are used to analyze how Users use the website (how many websites are open, how long they stay on that website, which strike a chord, etc.). Thanks to this, you can constantly improve the website and customize its operation to the preferences of Users. In order to track activity and create statistics, we use Google tools, such as Google Analytics. Beyond reporting website usage statistics, the Google Analytics pixel is also designed, along with some of the cookies described above, to help with displaying more well-chosen content to the user on Google services (e.g. Google search engine) and across the entire web;
using social functions - on the website we have so-called pixel Facebook and Instagram, which allows you to like our fanpage in these websites while using the site. However, to make this possible, we must use the cookies provided by Facebook and Instagram.
Importantly, many cookies are for us anonymized - basing on them, without additional information, we are unable to identify your identity.
If the processing of personal data takes place on the basis of consent, you can withdraw your consent at any time – according to your discretion
If you would like to withdraw your consent to the processing of personal data, it is sufficient for this purpose:
send an email directly to VARRANI to email@example.com or
send an email to the Data Protection Officer at firstname.lastname@example.org or
select the appropriate box in the Customer panel, in the tab "My Account" → "Personal Data" or
click the link in the e-mail message attached at the end of every message sent.
If the processing of your personal data took place on the basis of consent, its withdrawal does not mean that the processing of personal data up was illegal to this point. In other words, until the withdrawal of consent, we have the right to process your personal data and its cancellation does not affect the legality of the present processing.
1. Providing any personal data is voluntary and depends on your decision. However, in some cases, providing certain personal data is necessary to meet your expectations in the use of services offered by VARRANI.
2.So that we could be able to process your order, it is necessary to provide your e-mail address - without this we are unable to provide electronic information on the status of order fulfillment.
3. In order for you to receive an order, it is necessary to provide your address details - without this we are unable to deliver your order.
4. In order to be able to contact you, you need to provide a telephone number - without this we are not able to contact you in case of questions regarding the order, delivery or significant changes in the VARRANI offer.
In order to carry out marketing activities, the Administrator uses profiling in some cases, i.e. through the so-called geolocation, gaining knowledge about the country of the User's place of residence, using the VARRANI online store and the so-called segmentation - that is, selecting customers who have not placed any orders since registering their account in the VARRANI online store in order to send such an offer or a discount code to the e-mail address provided by the Customer. This means that due to automatic data processing, the Administrator evaluates selected factors concerning natural persons in order to analyze their behavior or create a forecast.
Recipients of personal data:
In connection with the provision of your services, personal data will be disclosed to exogenous entities, including in particular suppliers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting, legal, audit, consulting, courier (in connection with carrying out the order), marketing agencies (in the field of marketing services) and entities associated with the Administrator and business partners.
The Administrator reserves the right to disclose selected information regarding your competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the current law. It is extremely difficult for us to predict who may apply for the disclosure of personal data. Nevertheless, we assure you that every request to disclose your personal data is analyzed very precisely and very carefully, so that we could avoid informing unintensionally the unauthorized person.
Transfer of personal data to third countries:
The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is necessary and with an adequate level of protection. The administrator always informs about the intention to transfer personal data outside the EEA at the collection stage. The administrator transfers personal data outside the EEA only when the client orders the commision (sending it) outside the EEA.
The period of processing personal data :
In accordance with applicable law, we do not process your personal information "infinity", but for the time that is needed to achieve the goal. After this period, your personal data will be irretrievably deleted or destroyed.
In a situation where we do not need to carry out other operations on your personal data than storing them (eg order fulfillment), until we permanently remove or destroy them, we additionally secure them - through pseudonymisation. Pseudonymisation consists in such encryption of personal data or a personal data set that it is impossible to read them without an additional key, and hence such information becomes completely useless to an unauthorized person.
Regarding individual periods of personal data processing, we kindly inform you that we process personal data for the period of:
the duration of the contract - in respect of personal data processed in order to conclude and perform the contract;
3 years or 10 years + 1 year - in respect of personal data processed in order to establish, assert or defend claims (the length of the period depends on whether both parties are entrepreneurs or not);
6 months - in respect of personal data that were collected when pricing the service, and at the same time the contract was not concluded immediately;
5 years - in relation to personal data related to the fulfillment of obligations under tax law;
until the consent is withdrawn or the purpose of processing has been achieved, but not for more than five years - in respect of personal data processed on the basis of consent;
until the moment of rising an objection or achieving the purpose of the processing, but not for more than 5 years - in respect of personal data processed on the basis of the legitimate interests of the Personal Data Administrator or for marketing purposes;
We count the periods in years from the end of the year in which we started processing personal data to improve the process of removing or destroying personal data. Separate timing for each event would entail significant organizational and technical difficulties, as well as significant financial outlay, therefore setting one date for removing or destroying personal data allows us to manage this process more efficiently. Of course, if you use the right to be forgotten, such situations are considered individually.
The additional year associated with the processing of personal data collected for the performance of the contract is dictated by the fact that you can hypothetically claim a moment before the expiry of the limitation period, the request may be delivered with a significant delay or you may incorrectly determine the limitation period of your claim.
Data subjects' rights:
We kindly inform you that you have the right to:
§ access to your personal data;
§ correcting personal data;
§ deletion of personal data;
§ restrictions on the processing of personal data;
§ opposition to the processing of personal data;
§ transfer of personal data.
We respect your rights under the provisions on the protection of personal data and we try to facilitate their fulfilment to the highest possible extent.
We would like to point out that these rights are not absolute and therefore we may legally refuse you to comply with the law in certain situations. However, if we refuse to accept the request, then only after careful consideration and only if the refusal to take into account the request is necessary.
Regarding the right to object, we explain that you have the right to oppose the processing of your personal data at any time on the basis of the legitimate interest of the Data Administrator (they are listed in point V) in relation to your particular situation. However, you must remember that in accordance with the law, we may refuse to take into account the objection, if we demonstrate that:
there are legitimate grounds for processing that override your interests, rights and freedoms or
there are grounds for establishing, investigating or defending claims.
In addition, you may object to the processing of your personal data for marketing purposes at any time. In this situation, after receiving the objection, we will stop processing for this purpose.
You can impliment your rights by:
sending an e-mail directly to VARRANI to the address email@example.com or
sending an e-mail to the Data Protection Officer at firstname.lastname@example.org or
click the link in the e-mail message attached at the end of every sent message.
Right to file a complaint:
If you believe that your personal data is being processed contrary to the law in force, you can complain to the President of the Office of Personal Data Protection.