Privacy Policy

The privacy policy for the Lunoflora.eu online store outlines the rules for data privacy and the use of cookies.

Administrator and Legal Basis:

• The administrator of personal data for the Lunoflora.eu online store is Jakub Chachlowski, located at Mazowiecka 6, 43-410 Bielsko-Biała, with NIP: 9372770058 and REGON: 541432249.
• Data collected by the Administrator is processed based on the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of 27 April 2016), the current Personal Data Protection Act, and the Act of 18 July 2002 on the provision of electronic services.
• The primary legal basis for processing customer personal data is the necessity to perform a contract to which the customer is a party or to take steps at the customer’s request before entering into a contract (Art. 6 sec. 1 lit. b) GDPR).
• With separate consent (Art. 6 sec. 1 lit. a) GDPR), data may also be processed for sending commercial information electronically or for direct marketing via telephone calls.
• For newsletter subscriptions, personal data is processed to send marketing content, based on the necessity to perform the newsletter agreement (Art. 6 sec. 1 lit. b GDPR). Consent for newsletter processing can be withdrawn at any time.
• Other purposes for processing personal data may include: fulfilling a legal obligation of the Administrator (e.g., tax or accounting regulations, Art. 6 sec. 1 lit. c) GDPR) [8a], or for legitimate interests pursued by the Administrator or a third party (e.g., establishing, pursuing, or defending claims, conducting correspondence, market and statistical analysis, Art. 6 sec. 1 lit. f) GDPR) [8b].
• Data collected and used are processed only when one of the following conditions is met: consent has been given; data is needed for contract performance (e.g., product purchase); legal obligations must be complied with; vital interests need protection; data is essential for public interest; or there is a legitimate interest in processing the personal data.

Data Collection and Protection:

• The Administrator collects information provided voluntarily by customers. However, providing specified personal data is a condition for placing an order, and failure to provide it will result in the inability to order products.
• The Administrator may record connection parameters such as IP addresses for technical purposes related to server administration, for collecting general statistical demographic information (e.g., region of connection), and for security purposes.
• The Administrator takes special care to protect the privacy and information provided by customers, implementing appropriate technical, programming, and organizational measures to secure processed data against unauthorized access, disclosure, loss, destruction, unauthorized modification, and processing in violation of applicable law.
• Personal data is processed in accordance with the principles of Art. 5 GDPR: lawfully, fairly, and transparently; collected for specific, explicit, and legitimate purposes; adequate, relevant, and limited to what is necessary; accurate and updated; stored no longer than necessary for the purposes for which it is processed (with exceptions for public interest archiving, research, or statistical purposes under Art. 89 sec. 1 GDPR); and processed in a manner ensuring appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.
• Customer personal data may be transferred outside the European Economic Area, specifically to the United States (USA) or other countries where Google or collaborating entities maintain tools for processing personal data, as the Administrator uses tools provided by companies like Google to support its operations.

Types of Data Collected and Recipients:

• The Administrator may process the following personal data necessary for establishing, shaping, changing, or terminating a legal relationship regarding electronically provided services: customer’s surname and given names, residential address, correspondence address (if different), electronic addresses, IP address, and information about the web browser and device used to view the online store.
• Recipients of customer data may include entities fulfilling orders and handling them on behalf of the Seller, such as: shipping companies, accounting firms, goods suppliers, IT solution providers, payment processing companies, banks, marketing service providers, warehousing service providers, telecommunication service providers, law firms, and authorized state authorities.
• Data is transferred to verified partners collaborating in areas necessary for the sale of products purchased by customers.
• The entity providing online payment services is PayPro S.A., ul. Pastelowa 8, 60-198 Poznań. The store offers fast online payments via Przelewy24, providing a wide choice of payment methods.

Your Rights and Data Breaches:

• Due to the voluntary nature of providing personal data, customers have the right to: access their personal data (Art. 15 GDPR), rectify their personal data (Art. 16 GDPR), erase their personal data (“right to be forgotten” – Art. 17 GDPR), restrict the processing of their personal data (Art. 18 GDPR), data portability (Art. 20 GDPR), and object (Art. 21 GDPR).
• If data processing is found to violate GDPR provisions, customers have the right to lodge a complaint with the President of the Personal Data Protection Office.
• Consent to data processing can be withdrawn at any time, with future effect, without affecting the lawfulness of processing carried out by the Administrator based on consent before its withdrawal.
• In case of a personal data breach, the Administrator reports it to the supervisory authority (President of the Personal Data Protection Office) without undue delay, no later than 72 hours after detection, unless the breach is unlikely to result in a risk to the rights or freedoms of natural persons. If the breach may result in a high risk to rights or freedoms, the Administrator also notifies the data subject without undue delay.

Cookie Policy:

• The Seller uses cookies, which are IT data, especially text files, stored on user devices for using websites.
• Cookies used by the Administrator are safe for user devices, and cannot introduce viruses or malicious software. They allow identification of user software and adaptation of services. Cookies typically contain the domain name from which they originate, their storage time on the device, and an assigned value.
• Types of cookies based on purpose:
  • Essential cookies: necessary for proper website functioning, processed based on the administrator’s legitimate interest (Art. 6 sec. 1 lit. f GDPR) [15a].
  • Statistical cookies: allow website traffic analysis, understanding user preferences, analyzing behavior, and enabling interactions with external networks and platforms, processed based on voluntary user consent (Art. 6 sec. 1 lit. a GDPR) [15b].
  • Marketing cookies: allow tailoring displayed ads and content to user preferences and conducting personalized marketing campaigns, processed based on voluntary user consent (Art. 6 sec. 1 lit. a GDPR) [15c].
• Cookies may be used by advertising networks, particularly the Google network, to display ads tailored to how the user uses the website. Information about the user’s navigation path or time spent on a page may be saved for this purpose.
• Users can view and edit information from cookies regarding their preferences collected by the Google advertising network using the tool at https://www.google.com/ads/preferences/.
• Users can independently change cookie settings at any time to define storage conditions or access by cookies to their devices. This can be done through internet browser settings or service configuration, allowing users to block automatic cookie handling or be informed about each cookie placement.
• Detailed information on managing cookies, including disabling them in specific browsers (Firefox, Chrome, Safari, Internet Explorer / Microsoft Edge), can be found in the browser’s help file (F1 key) or specific subpages.
• Limiting cookie usage may affect some functionalities available on the website.
• The service also collects external cookies, or “third-party cookies,” from external servers.
• The Administrator uses services such as Google Analytics (provided by Google Inc.) and Google Ads (provided by Google Ireland Ltd.) to optimize ad display, remarketing, and promote the service.
• The Administrator reserves the right to change this Privacy and Cookies Policy.

Contact Information:

• Email: kontakt@lunoflora.eu
• Phone: 500-789-988

Think of this privacy policy as a digital blueprint that maps out how Lunoflora.eu handles your personal information and online interactions, much like a building’s blueprint details its structure, security measures, and utility connections, ensuring everything operates in an organized and secure manner.