Privacy policy

NATURA ATELIER PRIVACY AND COOKIES POLICY 

 

What will you find in this document?

Information about the principles of protecting your personal data on the website www.naturaatelier.com, including your rights and the security measures we apply.

Table of Contents

 

  • Part I – General Provisions

    • §1 Administrator (Data Controller)

    • §2 Concepts Used in the Privacy Policy

    • §3 Your Personal Data Rights

    • §4 Right to Object

    • §5 Complaint to the President of the Personal Data Protection Office

    • §6 Data Security and Data Minimisation

    • §7 Data Recipients and Documentation of Consent

    • §8 Questions about the Policy

  • Part II – Data Processing on the Website and During Contact

    • §9 Contact with us (e-mail, mail, contact form, telephone)

    • §10 Account Registration on the Website

    • §11 Purchases without Registration on the Website

    • §12 Newsletter Subscription

  • Part III – Our Social Media Profiles

    • §13 Joint Control and Use of Social Media Profiles

  • Part IV – Cookies and Related Data Processing Obligations

    • §14 Principles of Using Cookies

    • §15 Types of Cookies and Deletion

 

Part I – General Provisions

 

§1 Administrator (Data Controller)

  1. The Controller of your personal data is Marta Leśniewska-Mizerek, conducting business activity under the company name NATURA ATELIER Marta Leśniewska-Mizerek, NIP: 8393257733, with its registered office in Słupsk, Poland.

  2. In the remainder of the Privacy Policy, we refer to ourselves in the first person or as the "Controller" or "We."

  3. You can contact us:

    • By mail: ul. Bukowa 54, 76-200 Słupsk, Poland

    • By e-mail: nanaturaatelier@gmail.com

    • By phone: +48 570 510 660.

§2 Concepts Used in the Privacy Policy

  • “Website” – the website whose main page is located at www.naturaatelier.com.

  • “Policy” – means this document, the privacy policy.

  • “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

§3 Your Personal Data Rights

We process your personal data, therefore you have the right to:

  • Access your personal data.

  • Rectify (correct) your data.

  • Request the erasure of your personal data when permitted by the GDPR (the "right to be forgotten").

  • Restrict processing, to the extent specified in the GDPR.

  • Data portability – this applies when processing is based on your consent or a concluded contract (Art. 6 section 1 letter a or b of the GDPR).

§4 Right to Object

You may exercise the right to object in two situations when we process your personal data:

  • For direct marketing purposes; you do not need to justify such an objection.

  • On the basis of other legitimate interests; such an objection requires justification based on your specific situation.

§5 Complaint to the President of the Personal Data Protection Office

If you believe that we are processing your personal data unlawfully, you may lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office (UODO).

§6 Data Security and Data Minimisation

  1. We apply the required technical and organizational measures to prevent unauthorized persons from obtaining and modifying personal data.

  2. In accordance with the principle of minimisation, the Controller collects and processes only the personal data that is strictly necessary to achieve the purposes indicated in this Policy.

§7 Data Recipients and Documentation of Consent

  1. Data Recipients (Art. 13 section 1 letter e of the GDPR): We transfer your personal data only to those entities explicitly indicated in the respective parts of the Policy (e.g., payment operators, couriers, accounting offices). Data is not transferred further beyond the specified partners. A complete list of recipients is available upon your request.

  2. Documentation of Consent (Art. 7 section 1 of the GDPR): Every consent you give to data processing (e.g., newsletter subscription, acceptance of cookies) is registered and archived by us. You have the right to withdraw it at any time, in the same simple manner in which it was given.

§8 Questions about the Policy

In case of questions regarding the Policy, please contact us. Our contact details are in § 1 section 3 of the Policy.

 

Part II – Data Processing on the Website and During Contact

 

§9 Contact with us via e-mail, mail, contact form, or telephone

Purpose of Processing Legal Basis Retention Period
Answering, Communication, Archiving Art. 6 section 1 letter f of the GDPR (legitimate interest, including archiving correspondence for evidentiary purposes). For the time needed to resolve the matter and the statute of limitations for claims.
Actions leading to contract conclusion Art. 6 section 1 letter b of the GDPR. For the duration of negotiations and the statute of limitations for claims.
Data Voluntariness: Yes, but necessary to resolve the matter or prepare an offer. Data Transfer: Hosting service providers, postal services, and couriers. Transfer outside the EEA: Not applicable.

 

§10 Account Registration on the Website

Purpose of Processing Legal Basis Retention Period
Registration and account maintenance Art. 6 section 1 letter b of the GDPR (performance of the electronic service contract). For the duration of the account agreement or until its termination/deletion.
Performance of sales contracts Art. 6 section 1 letter b of the GDPR (performance of the sales contract). For the time necessary to execute the contract and the statute of limitations for claims.
Legal obligations (tax, returns) Art. 6 section 1 letter c of the GDPR (fulfilling a legal obligation). For the time required by tax law and remote contract withdrawal regulations.
Direct marketing and content matching Art. 6 section 1 letter f of the GDPR (legitimate interest – marketing of own products). Until an objection is raised or marketing activities cease.
Data Voluntariness: Yes, but required to conclude the account and sales agreements. Data Transfer: Hosting, accounting offices, payment operators, post/couriers, marketing tool providers. Transfer outside the EEA: Not applicable.

 

§11 Purchases without Registration on the Website

Purpose of Processing Legal Basis Retention Period
Performance of the sales contract Art. 6 section 1 letter b of the GDPR. For the time necessary to execute the contract and the statute of limitations for claims.
Legal obligations (tax, returns) Art. 6 section 1 letter c of the GDPR. For the time required by tax law and remote contract withdrawal regulations.
Direct marketing Art. 6 section 1 letter f of the GDPR (legitimate interest – marketing of own products). Until an objection is raised or marketing activities cease.
Claim pursuit and defense Art. 6 section 1 letter f of the GDPR (legitimate interest – protection of rights). Until the statute of limitations for claims expires.
Data Voluntariness: Yes, but required to conclude the sales agreement. Data Transfer: Hosting, accounting offices, payment operators, post/couriers, marketing tool providers. Transfer outside the EEA: Not applicable.

 

§12 Newsletter Subscription

Purpose of Processing Legal Basis Retention Period
Sending marketing information (newsletter) Your consent (Art. 6 section 1 letter a of the GDPR) in connection with Art. 10 section 2 of the Act on the provision of electronic services. Until consent is withdrawn or an objection is raised.
Analyzing newsletter effectiveness (read rate, clicks) Art. 6 section 1 letter f of the GDPR (legitimate interest – optimizing marketing activities). Until an objection is raised.
Data Voluntariness: Yes, but necessary to receive the newsletter. Data Transfer: Newsletter tool providers, marketing agencies. Transfer outside the EEA: Not applicable.

 

Part III – Our Social Media Profiles

 

§13 Joint Control and Use of Social Media Profiles

  1. In connection with running our social media profiles (e.g., Facebook, Instagram), we inform you that concerning data processing for statistical and advertising purposes, we are joint controllers of your personal data along with the provider of the given platform (e.g., Meta Platforms Ireland Ltd. for Facebook and Instagram).

  2. Details of Joint Control: The rules for dividing responsibilities between us and Meta Platforms Ireland Ltd. are set out in the Page Controller Addendum, which you can view on Meta's website. We enable you to exercise your rights directly through our contact whenever possible.

Purpose of Processing Legal Basis Retention Period
Communication, Discussion (comments, messages) Art. 6 section 1 letter f of the GDPR (legitimate interest – conducting dialogue with users). For the time necessary to conduct the discussion or until an objection is raised.
Marketing and Statistics Art. 6 section 1 letter f of the GDPR (legitimate interest – optimizing content and promoting the Website). Until an objection is raised.
Data Voluntariness: Yes. However, due to platform rules, we will see your nickname/name and profile picture. Data Transfer: Social media providers. Transfer outside the EEA: Not applicable.

 

Part IV – Cookies and Related Data Processing Obligations

 

§14 Principles of Using Cookies

  1. Accessing the Website involves our processing of information contained in cookies.

  2. Consent Requirement: The use of cookies other than those strictly necessary requires your conscious and active consent, which you express using the available mechanism on the Website.

  3. Consent Management Mechanism (CMP): The actual compliance depends on implementing a CMP that must:

    • Not run any cookies (except strictly necessary ones) before obtaining consent.

    • Ensure an easy option to reject all cookies with a single click.

    • Allow consent withdrawal at any time in the same simple manner it was given.

  4. Strictly Necessary Cookies: These are necessary for the Website's proper functioning (e.g., session maintenance, basket) and are processed based on Art. 6 section 1 letter b of the GDPR.

§15 Types of Cookies and Deletion

Purpose of Processing Legal Basis Characteristics
Functional and Preferential Your Consent (Art. 6 section 1 letter a of the GDPR) Allows customizing the appearance of the Website to your preferences.
Analytical Your Consent (Art. 6 section 1 letter a of the GDPR) Helps us measure effectiveness and improve the Website.
Marketing (Remarketing) Your Consent (Art. 6 section 1 letter a of the GDPR) Enables displaying our ads to you on other websites.
Withdrawal of Consent: You can withdraw consent for cookies at any time by changing the settings in the Website's cookie banner or through your browser settings.
Deleting Cookies: You can find information on how to delete cookies in your web browser settings.
External Cookies: The Website may use third-party cookies (e.g., Google Analytics, Social Media tools – only upon obtaining consent). These are also subject to the obligation of obtaining your consent.