PRIVACY POLICY

OF THE ONLINE STORE MAGICALSHOES24.COM

TABLE OF CONTENTS: 

1. GENERAL PROVISIONS

2. BASIS FOR DATA PROCESSING

3. PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE

4. DATA RECIPIENTS IN THE ONLINE STORE

5. PROFILING IN THE ONLINE STORE

6. RIGHTS OF THE DATA SUBJECT

7. COOKIES IN THE ONLINE STORE AND ANALYTICS

8. FINAL PROVISIONS

1.     GENERAL PROVISIONS

1.1.This privacy policy of the Online Store is informational in nature, meaning that it does not impose any obligations on the Service Users or Customers of the Online Store. The privacy policy primarily contains the principles regarding the processing of personal data by the Administrator in the Online Store, including the bases, purposes, and periods of personal data processing, as well as the rights of data subjects, and information regarding the use of cookies and analytical tools in the Online Store.

1.2. The administrator of personal data collected through the Online Storewww.magicalshoes24.com is Aldona Karcz, conducting business under the name SHEEP SKULL ALDONA KARCZ, registered in the Central Registration and Information on Business of the Republic of Poland maintained by the minister responsible for economic affairs, with the address of business activity and correspondence address: ul. Brzezińska 40, 34-120 Targanice, NIP 5512623741, REGON 363479464, email address: sklep@magicalshoes24.com, phone number: +48 731 997 407 - hereinafter referred to as the "Administrator" and also the Service Provider of the Online Store and the Seller.

1.3. Personal data in the Online Store is processed by the Administrator in accordance with applicable legal regulations, in particular in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation". The official text of the GDPR Regulation:http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4. Using the Online Store, including making purchases, is voluntary. Similarly, the provision of personal data by the Service User or Customer using the Online Store is voluntary, with two exceptions: (1) concluding contracts with the Administrator - failing to provide personal data indicated on the Online Store's website and in the Online Store Regulations and this privacy policy as necessary for concluding and performing the Sales Agreement or the Electronic Service Agreement with the Administrator will result in the inability to conclude such a contract. Providing personal data is, in this case, a contractual requirement, and if the data subject wishes to enter into a specific contract with the Administrator, they are obliged to provide the required data. Each time, the scope of data required to conclude the contract is indicated beforehand on the Online Store's website and in the Online Store Regulations; (2) statutory obligations of the Administrator - providing personal data is a statutory requirement arising from generally applicable legal provisions imposing an obligation on the Administrator to process personal data (e.g., processing data for tax or accounting purposes), and failing to provide it will prevent the Administrator from fulfilling these obligations.

1.5. The Administrator makes every effort to protect the interests of individuals whose personal data are processed by them, and in particular, is responsible for ensuring that the data collected by them are: (1) processed lawfully; (2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes; (3) accurate and adequate in relation to the purposes for which they are processed; (4) stored in a form that allows identification of the individuals concerned for no longer than is necessary for the purposes of processing; and (5) processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

1.6. Considering the nature, scope, context, and purposes of processing and the risk of violation of the rights or freedoms of natural persons of varying probabilities and severity of the threat, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with this regulation and to demonstrate this. These measures are reviewed and updated as necessary. The Administrator employs technical measures to prevent unauthorized persons from obtaining and modifying personal data transmitted electronically.

1.7. All words, phrases, and acronyms appearing in this privacy policy and starting with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood according to their definitions contained in the Online Store Regulations available on the Online Store's website.

2.     BASIS FOR DATA PROCESSING

2.1. The Administrator is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, particularly where the data subject is a child.

2.2. The processing of personal data by the Administrator requires that at least one of the bases specified in point 2.1 of the privacy policy is present each time. The specific bases for processing the personal data of Service Users and Customers of the Online Store by the Administrator are indicated in the following section of the privacy policy – in relation to the specific purpose of processing personal data by the Administrator.

3.     PURPOSE, BASIS, AND DURATION OF DATA PROCESSING IN THE ONLINE STORE

3.1.The purpose, basis, duration, and recipients of personal data processed by the Administrator result from actions taken by the respective Service User or Customer in the Online Store or by the Administrator. For example, if a Customer chooses to make a purchase in the Online Store and selects in-person pickup of the purchased Product instead of courier delivery, their personal data will be processed for the purpose of executing the Sales Agreement, but will not be shared with the carrier fulfilling shipments on behalf of the Administrator.

3.2.The Administrator may process personal data within the Online Store for the following purposes, on the bases, and for the durations indicated in the table below:

4.     DATA RECIPIENTS IN THE ONLINE STORE

4.1. For the proper functioning of the Online Store, including the execution of concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as software providers, couriers, or payment processors). The Administrator only uses the services of such processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR and protects the rights of data subjects.

4.2. Personal data may be transferred by the Administrator to a third country, ensuring that such transfer occurs to a country providing an adequate level of protection in accordance with the GDPR, and the data subject has the option to obtain a copy of their data. The Administrator only shares collected personal data when necessary for achieving the specific data processing purpose in accordance with this privacy policy.

4.3. Data transfer by the Administrator does not occur in every case and not to all recipients or categories of recipients specified in the privacy policy – the Administrator shares data only when necessary to fulfill the specific data processing purpose and only to the extent necessary to achieve it. For example, if a Customer opts for in-person pickup, their data will not be shared with the carrier cooperating with the Administrator.

4.4. Personal data of Service Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

4.4.1. Carriers / forwarders / courier brokers / entities handling warehousing and/or shipping processes - in the case of a Customer who chooses to have the Product delivered by postal or courier service, the Administrator provides the collected personal data of the Customer to the selected carrier, forwarder, or intermediary fulfilling shipments on behalf of the Administrator, and if the shipment comes from an external warehouse, to the entity handling the warehousing and/or shipping process, to the extent necessary to complete the delivery of the Product to the Customer.

4.4.2. Entities handling electronic payments or credit card payments - in the case of a Customer who uses electronic payment methods or credit cards in the Online Store, the Administrator provides the collected personal data of the Customer to the selected entity handling such payments in the Online Store on behalf of the Administrator to the extent necessary for processing the payment made by the Customer.

4.4.3. Service providers supplying the Administrator with technical, IT, and organizational solutions enabling the Administrator to conduct business, including the Online Store and the electronic services provided through it (in particular, software providers for managing the Online Store, email and hosting providers, and providers of business management software and technical support for the Administrator) - the Administrator provides the collected personal data of the Customer to the selected provider acting on their behalf only when necessary to achieve the specific data processing purpose in accordance with this privacy policy.

4.4.4. Providers of accounting, legal, and advisory services offering the Administrator accounting, legal, or advisory support (in particular, accounting offices, law firms, or debt collection agencies) - the Administrator provides the collected personal data of the Customer to the selected provider acting on their behalf only when necessary to achieve the specific data processing purpose in accordance with this privacy policy.

5.     PROFILING IN THE ONLINE STORE

5.1. The GDPR imposes an obligation on the Administrator to inform about automated decision-making, including profiling, as mentioned in Article 22(1) and (4) of the GDPR, and at least in such cases, to provide significant information about the principles of such decision-making, as well as the significance and expected consequences of such processing for the data subject. With this in mind, the Administrator provides information regarding possible profiling in this section of the privacy policy.

5.2. The Administrator may use profiling in the Online Store for direct marketing purposes, but decisions made based on this profiling by the Administrator do not pertain to the conclusion or refusal to conclude a Sales Agreement, nor to the ability to use Electronic Services in the Online Store. The effects of using profiling in the Online Store may include, for example, granting a discount to a person, sending them a discount code, reminding them of unfinished purchases, sending suggestions for products that may match the interests or preferences of that person, or offering better terms compared to the standard offer of the Online Store. Despite the profiling, the individual freely decides whether they want to take advantage of the discount or better terms received in this manner and make a purchase in the Online Store.

5.3. Profiling in the Online Store involves the automatic analysis or forecasting of a person's behavior on the Online Store's website, for example, by adding a specific product to the cart, viewing the page of a specific product in the Online Store, or analyzing the previous purchase history in the Online Store. A condition for such profiling is that the Administrator possesses the personal data of that person in order to subsequently send them, for example, a discount code.

5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

6.     RIGHTS OF THE DATA SUBJECT

6.1. Right of access, rectification, restriction, deletion, or portability - the data subject has the right to request access to their personal data from the Administrator, to rectify them, to delete them ("the right to be forgotten"), or to restrict processing, as well as the right to object to processing and the right to data portability. Detailed conditions for exercising the aforementioned rights are specified in Articles 15-21 of the GDPR.

6.2. Right to withdraw consent at any time - a data subject whose data is processed by the Administrator based on given consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing carried out based on consent before its withdrawal.

6.3. Right to lodge a complaint with a supervisory authority - a data subject whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular, the Act on the Protection of Personal Data. The supervisory authority in Poland is the President of the Office for Personal Data Protection.

6.4. Right to object - the data subject has the right to object at any time for reasons related to their particular situation to the processing of their personal data based on Article 6(1)(e) (public interest or task) or (f) (legitimate interests of the administrator), including profiling based on these provisions. In such a case, the Administrator may no longer process the personal data unless they demonstrate the existence of compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

6.5. Right to object to direct marketing - if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that the processing is related to such direct marketing.

6.6. To exercise the rights mentioned in this section of the privacy policy, the data subject can contact the Administrator by sending a relevant written message or email to the address provided at the beginning of the privacy policy or by using the contact form available on the Online Store's website.

7.     COOKIES IN THE ONLINE STORE AND ANALYTICS

7.1. Cookies are small text files sent by the server and stored on the device of the person visiting the Online Store (e.g., on the hard drive of a computer, laptop, or on the memory card of a smartphone – depending on the device used by the visitor to our Online Store). Detailed information about cookies, as well as the history of their creation, can be found, among other places, here:https://pl.wikipedia.org/wiki/HTTP_cookie.

7.2. Cookies that may be sent by the Online Store's website can be classified into various types based on the following criteria:

7.3.The Administrator may process the data contained in cookies while visitors use the Online Store's website for the following specific purposes:

7.4.Checking which cookies (including the duration of cookie operation and their provider) are currently sent by the Online Store's website in the most popular web browsers can be done in the following way:

7.5. By default, most web browsers available on the market accept cookies for storage. Everyone has the option to define the conditions for using cookies through their web browser settings. This means that one can partially restrict (e.g., temporarily) or completely disable the ability to save cookies – however, in the latter case, this may affect some functionalities of the Online Store (for example, it may become impossible to proceed through the Order path via the Order Form due to the failure to remember Products in the cart during subsequent steps of placing an Order).
7.6. The settings of the web browser regarding cookies are significant concerning consent to the use of cookies by our Online Store – according to the regulations, such consent can also be expressed through the web browser settings. Detailed information on how to change settings regarding cookies and how to delete them independently in the most popular web browsers can be found in the help section of the respective browser and on the following pages (just click on the relevant link):

• In the Chrome browser

• In the Firefox browser

• In the Internet Explorer browser

• In the Opera browser

• In the Safari browser

• In the Microsoft Edge browser
  7.7. The Administrator may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the Online Store. These services help the Administrator maintain statistics and analyze traffic in the Online Store. The collected data is processed within these services to generate statistics helpful for administering the Online Store and analyzing traffic. This data is aggregated. When using these services in the Online Store, the Administrator collects data such as the sources and mediums through which visitors arrive at the Online Store, their behavior on the website, information about the devices and browsers used to visit the site, IP addresses, domains, geographic data, and demographic data (age, gender) and interests.
  7.8. It is possible for an individual to easily block the sharing of their activity information on the Online Store with Google Analytics – for this purpose, they can, for example, install a browser add-on provided by Google Ireland Ltd., available here:https://tools.google.com/dlpage/gaoptout?hl=pl.
  7.9. In connection with the possibility of the Administrator using advertising and analytical services provided by Google Ireland Ltd., the Administrator indicates that full information about the rules for processing data of individuals visiting the Online Store (including information stored in cookies) by Google Ireland Ltd. can be found in Google's privacy policy available at:https://policies.google.com/technologies/partner-sites.
  7.10. The Administrator may use the Meta Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) in the Online Store. This service helps the Administrator measure the effectiveness of advertisements and learn about the actions taken by visitors to the Online Store, as well as display tailored advertisements to them. Detailed information about how Meta Pixel works can be found at the following address:https://www.facebook.com/business/help/742478679120153?helpref=page_content.
  7.11. Management of the Meta Pixel's operation is possible through the advertising settings in your account on Facebook.com:https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites. The Administrator encourages you to review the privacy policies established on those other sites after visiting them. This privacy policy applies only to the Administrator's Online Store.