Privacy policy

§1 General provisions

1. This document is an appendix to the Terms and Conditions. By using our services, you entrust us with your information. This Privacy Policy serves only as an aid to understanding what information and data is collected and for what purpose and what we use it for. This data is very important to us, so please read this document carefully as it defines the rules and methods of processing and protecting personal data. This document also defines the rules for the use of cookies.
2. We hereby declare that we comply with the principles of personal data protection and all legal regulations provided for in the Act of 29 August 1997 on the protection of personal data (i.e. Journal of Laws of 2015, item 2135) and Regulation (EU) 2016/679 of the European Parliament and of the Council. on the protection of personal data (i.e. Journal of Laws of 2015, item 2135) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
3. The person whose personal data is being processed has the right to ask us for comprehensive information on how we use their personal data. We always try to clearly inform you about the data we collect, how we use it, for what purposes it is to be used and to whom we pass it on, how we ensure the protection of this data when passing it on to other entities, and we provide information about the institutions that should be contacted in case of doubt.
4. The seller shall apply technical measures such as: measures for the physical protection of personal data, hardware measures for IT and telecommunications infrastructure, protection measures within software tools and databases, and organisational measures to ensure the proper protection of personal data processed, and, in particular, they protect personal data against unauthorised access, acquisition and use for unknown purposes, as well as accidental or intentional alteration, loss, damage or destruction.
5. We have exclusive access to the data in accordance with the terms and conditions set out in the Terms and Conditions and in this document. Access to personal data may also be granted to other entities through which payments are made, which collect, process and store personal data in accordance with their Terms and Conditions, and entities that are responsible for the fulfilment of the order. Access to personal data is granted to the aforementioned entities to the extent necessary and only to the extent that it ensures the fulfilment of services.
6. Personal data is only processed for the purposes for which you have given your consent by clicking the appropriate fields in the form on the Website or in another explicit manner. The legal basis for the processing of your personal data is the consent to the processing of data or the requirement to perform the service (e.g. ordering a Product) that you have requested from us (in accordance with Article 6(1)(a) and (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data). 1(a) and (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR.

§2 Privacy policy

1. We take privacy seriously. We are characterised by respect for privacy and the fullest possible and guaranteed convenience of using our services.
2. We value the trust that Users place in us by entrusting us with their personal data for the purpose of order processing. We always use personal data fairly and in a way that does not betray this trust, but only to the extent necessary for order processing, including data processing.
3. The user has the right to obtain clear and complete information about how we use their personal data and for what purposes it is needed. We always clearly inform about the data we collect, how and to whom we transfer it, and we provide information about the entities to be contacted in case of doubts, questions, or comments.
4. In case of any doubts regarding our use of the User's personal data, we will immediately take action to clarify and dispel such doubts, and we will fully and exhaustively answer all related questions.
5. We will take all reasonable measures to protect Users' data against improper and uncontrolled use and to secure it in a comprehensive manner.
6. The administrator of your personal data is Animex Rafał Sumigowski, Witold Durlej S.C. NIP:642-319-99-34, tel:32 720 60 59, mail: info@123kwiaty.pl, Rybnik, ul. Urocza 14 A, kod pocztowy 44-251.
7. We make every effort to protect the information in our possession from unauthorised access, unauthorised modification, disclosure and destruction. In particular;
a) We control the methods of collecting, storing and processing information, including physical security measures, to protect against unauthorised access to the system.
b) We only grant access to personal data to those employees, contractors and representatives who need to have access to it. In addition, they are contractually obliged to maintain strict confidentiality, to allow us to control and verify how they fulfil their duties, and to face consequences if they fail to do so.
8. We will comply with all applicable data protection laws and regulations and will cooperate with data protection authorities and authorised law enforcement agencies. In the absence of data protection regulations, we will act in accordance with generally accepted data protection principles, rules of social coexistence and established customs.
9. The exact method of personal data protection is included in the personal data protection policy (ODO. security policy, personal data protection regulations, IT system management instructions). For security reasons, due to the procedures described therein, it is only available for inspection by state control authorities.
10. If you have any questions about how we handle your personal data, please contact us via the website from which you were referred to this Privacy Policy. Your request will be forwarded to the appropriate person without delay.
11. You have the right to notify us at any time if you
a) no longer wish to receive information or messages from us in any form;
b) wish to receive a copy of your personal data held by us;
c) correct, update or delete your personal data in our records;
d) wish to report violations, improper use or processing of your personal data.
12. To make it easier for us to respond or address the information provided, please provide your full name and further details.

§3 Scope and purpose of personal data collection

1. We process necessary personal data for the purpose of providing services and for accounting purposes and only such data, i.e.:
a) for placing an order,
b) for concluding a contract, making a complaint and withdrawing from a contract,
c) issuing a VAT invoice or other receipt.
d) monitoring traffic on our websites;
e) collecting anonymous statistics to determine how users use our website;
f) determining the number of anonymous users of our websites
g) to check how often users are shown selected content and which content is shown most often;
h) to check how often users choose a particular service or the level at which they most frequently make contact;
i) to analyse newsletter subscriptions and contact options;
j) to use a personalised e-commerce recommendation system;
k) use of the tool for communication both by email and, subsequently, by telephone;
l) integration with social networking sites;
m) possible online payments.
2. We collect, process and store the following user data:
a) name and surname,
b) residential address,
c) delivery address (if different from the residential address),
d) tax identification number (NIP),
e) e-mail address,
f) telephone number (mobile, landline),
g) date of birth,
h) PESEL (personal identification number),
i) information about the web browser used,
j) other personal data provided to us voluntarily.
3. Providing the above data by is completely voluntary but also necessary for the full implementation of services.
4. The purpose of our collection, processing or use of data:
a) direct marketing, archival purposes of advertising campaigns;
b) fulfilment of legal obligations by collecting information about undesirable activities;
5. We may transfer personal data to servers located outside your country of residence or to affiliates, third parties based in other countries including countries in the EEA (European Economic Area, EEA - free trade area and Common Market, including the countries of the European Union and the European Free Trade Association EFTA) for the purpose of processing personal data by such parties. European Economic Area, EEA – a free trade zone and common market comprising the countries of the European Union and the European Free Trade Association, EFTA) for the processing of personal data by such entities on our behalf in accordance with the provisions of this Privacy Policy and applicable laws, customs and data protection regulations.
6. We store your personal data for no longer than is necessary for proper service quality and, depending on the mode and purpose of their collection, we store them for the duration and after its completion for the following purposes:
a) fulfilment of obligations arising from legal, tax and accounting regulations;
b) prevention of fraud or crime;
c) statistical and archiving purposes.
d) Marketing activities - for the duration of the contract, granting separate consent to the processing of such data - until the end of activities related to transaction processing, you object to such processing or withdraw your consent.
e) Sales and promotional activities - e.g. competitions, promotional campaigns - for the duration and settlement of such campaigns.
f) Operational activities - until the expiry of the obligations imposed by the GDPR Regulation and relevant national regulations, in order to demonstrate reliability in the processing of personal data
g) to pursue all claims arising from the contract;
7. Considering that in many countries to which this personal data is sent, the legal level of personal data protection is not the same as in the user's country. Your personal data stored in another country may be accessed in accordance with the law applicable there, for example, by courts, law enforcement authorities and national security authorities in accordance with the regulations applicable in that country. Subject to lawful requests for disclosure, we undertake to require those processing personal data outside the user's country to take measures to protect the data adequately in accordance with their national law.

§4 Cookies Policy

1. We automatically collect information contained in cookies in order to collect User data. A cookie is a small piece of text that is sent to the User's browser and is sent back by the browser on subsequent visits to the website. They are mainly used to maintain a session, e.g. by generating and sending back a temporary identifier after logging in. We use session cookies, which are stored on the User's end device until the User logs out, closes the website or closes the web browser, and permanent cookies, which are stored on the User's end device for the time specified in the cookie parameters or until they are deleted by the User.
2. Cookies customise and optimise the website and its offer for the needs of Users through such activities as creating page view statistics and ensuring security. Cookies are also necessary to maintain the session after leaving the website.
3. The administrator processes the data contained in Cookies each time the website is visited by visitors for the following purposes:
a) optimising the use of the website;
b) identifying the Service Users as currently logged in;
c) adapting the graphics, selection options and all other content of the website to the individual preferences of the Service User;
d) remembering automatically and manually completed data from Order Forms or login details provided by the visitor;
e) collecting and analysing anonymous statistics presenting the way the website is used in the administration panel and google analytics
f) creating remarketing lists based on information about preferences, behaviour, use of the website and interests, and collecting demographic data, and then sharing these lists in AdWords and AdSense, Facebook Ads.
g) Google Adsense cookies are used to display relevant ads to you. Adsense cookies do not contain personal data. If you would like to learn more about Google AdSense cookies and how to control them, please visit http://www.google.co.uk/policies/privacy/ads/
h) creating data segments based on demographic information, interests, and preferences in the selection of products/services viewed.
i) use demographic and interest data in Analytics reports.
j) in order to prevent web robots from performing certain functions on our trading platforms, we use the Google reCAPTCHA mechanism to occasionally check whether user behaviour does not bear the hallmarks of robot behaviour. In such a situation, we may disclose your IP address to Google LLC.
4. The user can completely block and delete the collection of cookies at any time via their web browser.
5. Blocking the use of cookies on your device may hinder or prevent the use of certain functionalities of the website, which you are fully entitled to, but in such a case you must be aware of the limitations of functionality.
6. Users who do not want cookies to be used for the above-mentioned purpose can delete them manually at any time. For detailed instructions, please visit the website of the manufacturer of the web browser currently used by the User.
7. More information about cookies is available in the help menu of every web browser. Examples of web browsers that support the aforementioned cookies:
a) Cookie settings Internet Explorer
b) Cookie settings Chrome
c) Cookie settings Firefox
d) Cookie settings Opera
e) Cookie settings Safari
f) Cookie settings Android
g) Cookie settings Blackberry
h) Cookie settings IOS (Safari)
j) Cookie settings Windows Phone
8. RECAPTCHA V3

Name of cookies	Type of cookies	Purpose of cookies	Expiry time of cookies
CONSENT	Permanent	Occasional checks to determine whether user behaviour is that of a human being or a robot.	2 years (from last update)
NID	Permanent	Occasional checks to determine whether user behaviour is that of a human being or a robot.	2 years (from last update)

9. GOOGLE ADWORDS

Cookie name	Cookie type	Purpose of cookie	Cookie expiry
PREF	Persistent	Helps to personalise ads in its services (e.g. in the search engine) – especially when the user is not logged in to their Google account.	2 years (from last update)
id	Persistent	Used for advertising purposes outside of Google pages originating from the doubleclick.net domain.	2 years (from last update)
drt_, FLC, NID	Persistent	Cookie of the ad server .googleads.g.doubleclick.net. Collects information on user behaviour after clicking on a Google Adwords ad and passes back conversion information.	12 hours (from last update)

10. GOOGLE ANALITYCS

Name of cookies	Type of cookies	Purpose of cookies	Expiry time of cookies
_UTMA	Persistent	Used to distinguish users and sessions. The cookie is updated and data is sent to Google Analytics every time.	2 years (from last update)
_UTMB	Persistent	Responsible for storing information about the visit.	30 mins (from last update)
_UMTC	Session	The _utmc cookie works with _utmb and its task is to determine whether to start tracking a new visit or whether the collected data should be counted towards an old one. It only contains information about the unique website identifier and expires when the browser window is closed.	Until the end of the session
_UMTZ	Permanent	Contains information about the source of visits. This makes it possible to count visits from search engines and data from marketing campaigns.	6 months (from the last update)
_UMTV	Persistent	Stores the session ID. It is necessary to store information about the fact of being logged in to the website.	2 years (from the last update)

11. YOUTUBE

Name of cookies	Type of cookies	Purpose of cookies	Expiry time of cookies
PREF	Persistent	This cookie is used by Google to store user preferences and information for the Google Map service.	10 years (from last update)
Visitor_info1_Live	Persistent	This cookie is used by YouTube to store user preferences for video content pages.	8 months (from last update)
Use_Hitbox	Persistent	This cookie is used by YouTube to store user preferences for video content pages.	End of session

12. GOOGLE MAPS

Name of cookies	Type of cookies	Purpose of cookies	Expiry time of cookies
PREF	Persistent	This cookie is used by Google to store user preferences and information relevant to the use of Google Maps.	2 years (from last update)

13. FACEBOOK

Name of cookies	Type of cookies	Purpose of cookies	Expiry time of cookies
datr	Persistent	This cookie is set when the browser accesses facebook.com. The cookie is used to help identify suspicious login activity and provide additional security. For example, it may be used to flag attempts to login using multiple accounts or create spam accounts.	2 lata (od ostatniej aktualizacji)

§5 Rights and obligations

1. We have the right and, in cases specified by law, also the statutory obligation to transfer selected or all information regarding personal data to public authorities or third parties who submit such a request for information on the basis of applicable Polish law.
2. The User has the right to access their personal data that they make available. The User can correct and supplement this data at any time, and also has the right to request that it be removed from their databases or that it cease to be processed, without giving any reason. In order to exercise their rights, the User may at any time send an appropriate message to the e-mail address or by other means that will deliver/transmit such a request.
3. The processing of personal data of natural persons who are our customers is based on:
a) legitimate interest as a data controller (e.g. in the scope of creating a database, analytical and profiling activities, including activities related to the analysis of product use, direct marketing of own products, securing documentation for the purposes of defence against possible claims or for the purposes of pursuing claims)
b) consent (including, in particular, consent to e-mail marketing or telemarketing)
c) performance of the concluded contract
d) obligations arising from law (e.g. tax law or accounting regulations).
4. The processing of personal data of natural persons who are potential customers is based on:
a) the legitimate interest of the data controller (e.g. in the scope of creating a database, direct marketing of own products)
b) consent (including, in particular, consent to e-mail marketing or telemarketing)
5. A request from the User to delete personal data or to stop processing it may result in the complete inability to provide services by or a serious limitation thereof.
6. We attach particular importance to the issue of profiling and point out that:
a) for the purposes of profiling, we generally process data that has previously been subject to SSL encryption;
b) we use typical data for this purpose: email and IP addresses or cookies;
c) we profile in order to analyse or predict the personal preferences and interests of people using our Websites or products or services and to tailor the content of our Websites or products to these preferences
d) we profile for marketing purposes, i.e. to tailor the marketing offer to the above-mentioned preferences.
7. We undertake to act in accordance with applicable laws and rules of social conduct.
8. Information on out-of-court settlement of consumer disputes. The authorised entity within the meaning of the Act on out-of-court settlement of consumer disputes is the Financial Ombudsman, whose website address is as follows: www.rf.gov.pl.

§6 Basic safety rules

1. Each user should take care of their own data security and the security of their devices that are used to access the Internet. Such a device should absolutely have an anti-virus program with a regularly updated database of virus definitions and types, a secure version of the web browser used and a firewall enabled. The user should check whether the operating system and the programs installed on it have the latest and compatible updates, because attacks use errors detected in the installed software.
2. Access data for services offered on the Internet, e.g. logins, passwords, PINs, electronic certificates, etc., should be secured in a place that is inaccessible to others and impossible to hack from the Internet. They should not be disclosed or stored on a device in a form that allows unauthorised access and reading by unauthorised persons.
3. Be careful when opening strange attachments or clicking on links in emails that you were not expecting, e.g. from unknown senders or from the spam folder.
4. It is recommended to activate anti-phishing filters in your web browser, i.e. tools that check whether the displayed website is authentic and not used for phishing, e.g. by impersonating a person or institution.
5. Files should only be downloaded from trusted sites, services and websites. We do not recommend installing software from unverified sources, especially from unknown publishers with an unproven reputation. This also applies to mobile devices such as smartphones and tablets.
6. When using a home Wi-Fi network, set a secure and difficult-to-crack password. It should not be a pattern or a sequence of characters that is easy to guess (e.g. street name, host's name, date of birth, etc.). It is also recommended to use the highest possible Wi-Fi encryption standards that are compatible with your hardware, e.g. WPA2.

§7 Use of social media plug-ins

1. Plug-ins from the social networks facebook.com and Twitter and others may be integrated into our website. The corresponding services are provided by Facebook Inc. and Twitter Inc. respectively.
2. Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. To view the Facebook plugins, go to: https://developers.facebook.com/docs/plugins
3. Twitter is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. To view the Twitter plugins, go to: https://dev.twitter.com/web/tweet-button
4. The plug-in only informs the provider which of our websites you have accessed and when. If you are logged in to your account on Facebook or Twitter while visiting our website, the provider can link your interests, information preferences and other data, for example by clicking the Like button or leaving a comment or entering your profile name in a search. This information will also be transmitted directly to the provider by the browser.
5. More detailed information on data collection and use by Facebook or Twitter and on privacy can be found on the following pages:
a) Data protection/privacy tips from Facebook: http://www.facebook.com/policy.php
b) Data protection/privacy advice from Twitter: https://twitter.com/privacy
6. To avoid Facebook or Twitter noting your visit to the selected user account on our website, you must log out of your account before browsing our websites.