Privacy Policy

TABLE OF CONTENTS:

GENERAL PROVISIONS
BASIS FOR THE PROCESSING OF DATA
PURPOSE, BASIS AND PERIOD OF PROCESSING DATA IN THE ONLINE SHOP
DATA RECIPIENTS IN THE ONLINE SHOP
PROFILING IN THE ONLINE SHOP
THE RIGHTS OF THE DATA SUBJECT
COOKIES IN THE ONLINE SHOP AND ANALYTICS

1.1. This Online Shop Privacy Policy is of informative nature, which means that it is not a source of obligations for Service
Recipients or Customers of the Online Shop. The Privacy Policy contains, above all, the principles concerning the
processing of data by the Controller in the Online Shop, including the basis, purpose, scope and period of personal data
processing and the rights of data subjects as well as information regarding the use of cookies and analytical tools in the
Online Shop.
1.2. The Controller of the personal data collected via the Online Shop shall be IGA PALARSKA, running a business under the
name HOME OF NATURE, CLARE BLANC - IGA PALARSKA entered into the Central Registration and Information on
Business of the Republic of Poland run by the Minister of Economy, having: the address of the business place: ul. Górnych
Wałów 16/7, 44-100 Gliwice, Poland; and the delivery address: Hamernia 31D, 30-145 Kraków, Poland, tax identification
number: 5130013423, national economy register (REGON) number 241187032, e-mail address: info@clare.pro, telephone
number: 692614073 – hereinafter referred to as “Controller” and being simultaneously the Service Provider of the Online
Shop and the Seller.
1.3. Personal data in the Online Shop shall be processed by the Controller in accordance with the binding legal regulations, in
particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection
of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as “GDPR” or “GDPR Regulation”. The
official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679 .
1.4. Using the Online Shop, including shopping, is voluntary. Similarly, providing personal data by the Service Recipient or the
Customer using the Online Shop is voluntary, subject to two exceptions: (1) entering into contracts with the Controller –
failure to provide the personal data necessary for the conclusion and performance of the Sales Contract or a contract for
the provision of an Electronic Service with the Controller in the cases and within the scope indicated on the website of the
Online Shop and the Terms and Conditions of the Online Shop and this Privacy Policy shall result in no possibility to enter
into the contract. Providing personal data is a contractual requirement in such a case and if the data subject is willing to
enter into the contract with the Controller, they shall be obligated to provide the required data. The scope of the data
required to enter into the contract is each time specified in advance on the website of the Online Shop and in the Terms
and Conditions of the Online Shop; (2) statutory obligations of the Controller – specifying the personal data is a statutory
requirement resulting from the commonly binding legal regulations obligating the Controller to process the personal data
(e.g. processing data to fiscal books and ledgers) and failure to specify the data will render it impossible for the Controller
to perform the obligations.
1.5. The Controller assures due diligence to protect the interest of persons being data subjects, in particular being responsible
and liable for and assuring that the data collected are: (1) processed in accordance with the Act; (2) collected for specific,
legal purposes and not subject to further processing inconsistent with the purposes; (3) correct as regards the subject
matter and adequate as regards the purpose of the processing; (4) stored in a form making it possible to identify the
people they apply to, no longer than it proves necessary to attain the purpose of processing and (5) processed in a
manner ensuring security of the personal data, including the protection against illicit or illegal processing or accidental
loss, damage or destruction, with the use of appropriate technical and organisational measures.
1.6. Taking into account the nature, scope, context and purpose of processing as well as the risk of breaching the rights or
freedoms of natural persons with varied likelihood and degree of threat, the Controller is implementing appropriate
technical and organisational measures so that the processing takes place pursuant to the Regulation and it is possible to
show it. The measures are reviewed and updated, as necessary. The Controller applies technical measures preventing the
acquisition and modification of personal data sent electronically by unauthorised persons.
1.7. Any words, phrases and acronyms used in this privacy policy starting with a capital letter (e.g. Seller, Online Shop,
Electronic Service) shall be understood in accordance with the definition contained in the Terms and Conditions of the
Online Shop available on the websites of the Online Shop.

BASIS FOR THE PROCESSING OF DATA
2.1. The Controller is authorised to process the personal data in cases, and to the extent, when at least one of the following
conditions is met: (1) the data subject consented to the processing of their data to one or more specified ends; (2)
processing is necessary for contract performance the data subject is a party to, or to take actions to the request of the
data subject, prior to contract conclusion; (3) processing is necessary to meet the legal obligation of the Controller; or (4)
processing is necessary for the needs resulting from the legally justified interests of the Controller or third party, except
for situations when the interests or basic rights and freedoms of the data subject override such interests and they require
personal data protection, especially when the data subject is a child.
2.2. The processing of personal data by the Controller each time requires having at least one basis indicated in item 2.1 of the
privacy policy. Specific bases for processing personal data of the Service Recipients or the Customers of the Online Shop
by the Controller are specified in the following point of the privacy policy – as regards the specific goal of processing
personal data by the Controller.

PURPOSE, BASIS AND PERIOD OF PROCESSING DATA IN THE ONLINE SHOP
3.1. Each time, the purpose, basis, and period as well as the recipients of personal data being processed by the Controller
result from actions undertaken by a given Service Recipient or Customer in the Online Shop.
3.2. The Controller may process the personal data in the Online Shop for the purposes, on the bases and within the periods as
follows:
Purpose of data processing Legal basis for processing data Period of data storage
The performance of the Sales
Contract or a contract for the
provision of an Electronic
Service or taking actions to the
request of the data subject,
prior to entering into the above
contracts.

Article 6, par. 1, point b) of the GDPR
Regulation (contract performance) –
the processing is required to perform
the Sales Contract of which the data
subject is party or to take action to the
request of the data subject, prior to
entering into the contract.

The data shall be stored for the period
necessary for the performance,
termination or expiry of the concluded
Sales Agreement or contract for the
provision of Electronic Services.

Direct marketing Article 6, par. 1, point f) of the GDPR
Regulation (legitimate interest of the
Controller) – the processing is required
for achieving the goals based on the
legitimate interest of the Controller
which includes upholding interests and
strengthening reputation of the
Controller and the Online Shop as well
as his commitment for increasing sales
of Products

The data shall be stored for the period of
the legitimate interest of the Controller,
however no longer than the period of
limitation of claims as regards the data
subject under the business activity of the
Controller. The period of limitation shall be
specified by legal provisions, in particular
the Civil Code (the basic period of
limitation in the case of claims related to
business activity amounts to three years,
and for a Sales Contract two years).
The Controller may not process the data
for the needs of direct marketing in the
case of expressing clear objection in this
field by the data subject.

Marketing Article 6, par. 1, point a) of the GDPR
Regulation (consent) – the data subject
expressed the consent to process its
personal data for marketing purposes
by the Controller

The data are stored until the data subject
withdraws the consent to further process
their data to that end.

Keeping tax books Article 6, par. 1, point c) of the GDPR
Regulation in relation with Article 86 §1
of Tax Ordinance Act, consolidated text
of 17 January 2017 (Journal of Laws of
2017 item 201) – the processing is
required for the Controller due to their
statutory obligations

The data shall be stored for the legally
required period, requesting the Controller
to store tax books (till the lapse of the
period of limitation of a tax obligation,
unless acts on taxes stipulate otherwise).

Determining, pursuing or
defence of claims on the side of
the Controller, or ones that
may arise as regards the
Controller

Article 6, par. 1, point f) of the GDPR
Regulation (legitimate interest of the
controller) – the processing is required
for the purposes resulting from the
legitimate interests of the Controller
which includes determining, pursuing
or defence of claims on the side of the
Controller, or ones that may arise as
regards the Controller

The data shall be stored for the period of
the legitimate interest of the Controller,
however no longer than the period of
limitation of claims against the Controller.
The period of limitation shall be specified
by legal provisions, in particular the Civil
Code (the basic period of limitation in the
case of claims against the Controller
amounts to six years).

Use of the Online Shop website
and ensuring its proper
functioning

Preparing statistics and
analysing the manner of the
data subject conduct on the
website of the Online Shop

Article 6, par. 1, point f) of the GDPR
Regulation (legitimate interest of the
controller) – the processing is required
for the purposes resulting from the
legitimate interests of the Controller
which includes preparing statistics and
analysing the manner of the data
subject conduct on the website of the
Online Shop in order to improve the
functioning of the Online Shop and
increase sales of Products

4. DATA RECIPIENTS IN THE ONLINE SHOP

4.1. For the needs of proper Online Shop functioning, inclusive of the performance of the Contracts of Sale entered into, it
shall be necessary for the Controller to make use of external companies’ services (e.g. software provider, courier, or
payment system provider). The Controller uses solely the services of such processing entities which ensure sufficient
guarantee to implement appropriate technical and organisational measures so that the processing meets the
requirements set out in the GDPR Regulation and protects the rights of data subjects.
4.2. The Controller may provide personal data to a third country, while the Controller ensures, that it shall only be a third
country which is considered to provide adequate level of protection – in accordance with the GDPR Regulation, and in the
case of other countries that the transfer will take place on the basis of standard data protection clauses. The Controller
ensures that the data subject has a right to get a copy of their data. The Controller provides personal data to a third
country only in case and scope necessary to execute a certain purpose of data processing consistent with this Privacy
policy.
4.3. Providing data by the Controller does not take place in every case and not to all the recipients or categories of recipients
defined in the privacy policy – the Controller provides the data only in the case it proves necessary to attain a given
purpose of personal data processing and solely within the necessary scope.
4.4. Personal data of the Online Shop Service Recipients or Customers may be provided to the following recipients or
categories of recipients:
1.1.1. carriers/forwarders/couriers/entities operating warehouses and/or responsible for shipping process – in the case of a
Customer who selects the Online Shop to deliver the Product by post or courier, the Controller makes the collected
Customer’s personal data available to the selected carrier, forwarder or agent performing shipment for the Controller,
and if the delivery is to be made from the external warehouse – to the entity operating warehouse and/or responsible for
shipping process – to the extent necessary to deliver the Product to the Customer.
1.1.2. e-payments or payment card service providers – in the case of a Customer who uses in the Online Shop the option of e-
payment or payment card, the Controller makes the collected Customer’s personal data available to the selected

payment service provider in the Online Shop for the Controller to the extent necessary to perform the payment of the
Customer.
1.1.3. loan providers/lessors – in the case of a Customer who selects in the Online Shop the option of payment method in
instalments or leasing, the Controller makes the collected Customer’s personal data available to the selected loan
provider or lessor providing the above payment services in the Online Shop to the order of the Controller to the extent
necessary for the payment service for the Customer.
1.1.4. service providers rendering for the Controller technical, IT or organisational solutions, making it possible for the
Controller to conduct a business, inclusive of the Online Shop and Electronic Services provided via it (in particular
computer software providers for the Online Shop, e-mail companies and hosting providers as well as software providers
for company management and technical aid for the Controller) – the Controller makes the collected personal data of the
Customer available to the selected provider operating to their order only in the case and to the extent necessary for
attaining a given purpose of data processing in accordance herewith.
1.1.5. accounting, legal and consulting services providers rendering for the Controller accounting, legal or consulting services
(in particular an accounting agency, law firm or debt collection company) – the Controller makes the collected personal
data of the Customer available to the selected provider operating to their order only in the case and to the extent
necessary for attaining a given purpose of data processing in accordance herewith.
1.1.6. providers of social plugins implemented in the Online Shop, of scripts and other similar tools enabling a person using
the Online Shop to download content from the providers of the said plugins (e.g. logging in using social network login
details) and for this purpose providing the providers with the personal data of the visitor, including also:
1.1.6.1. Facebook Ireland Ltd. – the Controller uses Facebook social plugins in the Online Shop (e.g. “Like it” or “Share” buttons
or logging in using Facebook login details) and therefore collects and discloses personal data of the Service Recipient
using the Online Shop to Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the
extent and in accordance with the privacy principles available here: https://www.facebook.com/about/privacy/ (this
data may include information about activities in the Online Shop - including information about the device, the visited
websites, purchases, displayed ads and how to use the services - regardless of whether the Service Recipient has a
Facebook account and is logged in to Facebook).

5. PROFILING IN THE ONLINE SHOP
5.1. The GDPR Regulation obligates the Controller to inform about the automated decision-making process, including profiling
referred to in Article 22, par. 1 and 4 of the GDPR Regulation, and – at least in those cases – the vital information
concerning the decision-making process as well as the meaning and foreseeable consequences of processing for the
person being the data subject. Bearing in mind the above, the Controller specifies in this point of the privacy policy the
information concerning the possible profiling.
5.2. The Controller may use profiling in the Online Shop for direct marketing purposes, yet the decisions made on its basis by
the Controller do not concern the conclusion or rejection to conclude the Sales Contract, or the possibility to make use of
Electronic Services in the Online Shop. The result of profiling in the Online Shop may be e.g. discount for a given person,
sending a discount code, reminding about unfinished purchase process, sending Product offers, which may be related to
the interests or preferences of the person, or offering better conditions as compared with the standard offer of the
Online Shop. Regardless of profiling, the person makes decisions freely, whether they want to use the discount given, or
better conditions and buy a product in the Online Shop.
5.3. Profiling in the Online Shop consists in automatic analysis or forecast of the conduct of a given person on the website of
the Online Shop, e.g. by adding a given Product to the cart, browsing the page of a given product in the Online Shop, or
the analysis of the history of purchase in the Online Shop. The condition for such profiling is for the Controller to have the
personal data of the person, so that they can later send them e.g. a discount code.
5.4. The data subject shall have the right not to depend on the decision, which is only based on automated processing,
including profiling, and has some legal effects on the person or similarly affects them.

THE RIGHTS OF THE DATA SUBJECT
6.1. The right to access, rectify, restrict, erase or transmit – the data subject shall have the right to demand the Controller to
have access to their personal data, rectify, erase (“the right to be forgotten”) or restrict the processing and shall have the
right to object to the processing and transmit their data. Detailed conditions of the above rights shall be indicated in
Articles 1522 of the GDPR Regulation.
6.2. The right to withdraw the consent at any time – the person whose data are being processed by the Controller on the
basis of the consent given (pursuant to Article 6, par. 1, point a) or Article 9, par. 2, point a) of the GDPR Regulation), they
shall have the right to withdraw their consent at any time without any impact on the compatibility with the right to
process made based on the consent prior to the withdrawal.
6.3. The right to lodge a complaint with a supervisory body – the person whose data are being processed by the Controller
shall have the right to lodge a complaint with a supervisory body in a manner and mode specified in the provisions of the

GDPR Regulation and the Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland shall
be the President of the Office for Personal Data Protection.
6.4. The right to object – the data subject shall have the right, at any time, to lodge a complaint – for reasons related to their
particular situation – as regards the processing of their personal data based on Article 6, par. 1, point e) (public interest
or official authority) or f) (legitimate interest of the controller) in the case of profiling based on the provisions. The
Controller in such a case must stop processing the personal data, unless they show the existence of legally significant and
justified bases for the processing, overriding the interests, rights and freedoms of the data subject, or the bases for
determining, pursuing or defending the claims.
6.5. The right to object as regards direct marketing – in the case the personal data are being processed for the needs of direct
marketing, the data subject shall have the right, at any time, to lodge a complaint as regards the processing of their
personal data for the needs of such marketing, including profiling, to the extent to which the processing is related to
direct marketing.
6.6. To perform the rights mentioned in this point of the privacy policy, one may contact the Controller by sending them an
appropriate message in writing or via e-mail to the address of the Controller indicated at the beginning of the privacy
policy or using the contact form available on the Online Shop’s website.

7. COOKIES IN THE ONLINE SHOP AND ANALYTICS
7.1. Cookies are small pieces of text files sent by the server and saved at the visitor’s of the Online Shop (e.g. on the hard disk
of a computer, laptop, or smartphone’s memory card – depending on the type of device used by the Online Shop’s
visitor). Detailed information on Cookies as well as the history of their origin can be found e.g. at:
https://en.wikipedia.org/wiki/HTTP_cookie.
7.2. Cookies, which can be sent via the Online Shop website, can be divided into various types, according to the following
criteria:
With regard to the provider:
1) own (created by the
Controller’s Online Shop
website) and
2) belonging to other
persons/third parties (other
than the Controller)

With regard to the period of their
retention on the appliance of the
Online Shop’s visitor:
1) session cookies (stored till the
moment of closing of the
Website or a browser) and
2) persistent cookies (having
some expiration period,
defined by parameters of each
file or until they are removed
by hand)

With regard to the purpose of their
usage:
1) strictly necessary cookies
(enabling proper functioning of
the Online Shop website),
2) functional/preferential cookies
(enabling adjustment of the
Online Shop website to the
visitor’s preferences),
3) analytical and performance
cookies (collecting information on
the use of the Online Shop
website),
4) targeting, advertising or social
cookies (collecting information on
the visitor of the Online Shop
website in order to display
personalised advertisements to
such a person and for other
marketing activities, including
those performed on sites different
from the Online Shop website,
such as social networks).

7.3. The Controller may process information contained in Cookies during visiting of the Online Shop website for the following
specific purposes:
Purposes of using Cookies on the
Controller’s Online Shop website

Identification of the Service Recipients as logged in to the Online Shop and
showing them that they are actually logged in (strictly necessary Cookies)
Saving Products added to the cart to place an Order (strictly necessary
Cookies)

Saving data from the filled-in forms, questionnaires, or login data for the
Online Shop (strictly necessary Cookies and/or functional/preferential
Cookies)
Adjustment of the Online Shop website contents to individual preferences
of the Service Recipient (e.g. colours, font size, layout) and optimisation of
the use of the website (functional/preferential Cookies)
Keeping anonymous statistics presenting the visitor’s behaviours on the
Online Shop website (statistical Cookies)
Displaying and rendering of advertisements, limiting the number of ad views
and ignoring advertisements that the Service Recipient does not want to
see, measuring the effectiveness of advertisements and personalization of
ads, namely evaluating the conduct of visitors of the Online Store through
anonymous analysis of their activities (e.g. repeated visits on particular
pages, key words etc.) to create their profile and provide them with adverts
matching their interests, also when they visit other websites in the
advertising network of Google Inc. and Facebook Ireland Ltd. (marketing,
advertising and social Cookies)

7.4. It is possible to check which Cookie files are being sent in a given moment by the Online Shop website (including the
expiry period of Cookies and their provider). In the most popular web browsers, it can be done in the following ways:
In Chrome browser:
(1) in the address bar, click the
’locked’ icon on the left, (2) go to
the benchmark „Cookie files”.

In Firefox browser:
(1) in the address bar, click the
’shield’ icon on the left, (2) go to the
benchmark „Allowed” or „Blocked”,
(3) click the button „Tracking cookies
between websites”, „Tracing
elements of social networks or
„Content with tracing elements”

In Internet Explorer browser:
(1) Click „Tools” menu, (2) go to
„Internet options” benchmark, (3)
go to „General” benchmark, (4)
then go to „Settings”, (5) click the
button „Display files”

In Opera browser:
(1) in the address bar, click the
’locked’ icon on the left, (2) go to
the benchmark „Cookie files”.

In Safari browser:
(1) click menu „Preferences”, (2) go
to „Privacy” benchmark, (3) click the
button „Manage website data”

Independent of the browser used,
you can apply tools available e.g.
at: https://www.cookiemetrix.com/
or: https://www.cookie-
checker.com/

7.5. As a standard, most internet browsers on the market accept saving Cookies by default. Every person has the possibility to
specify the conditions of using Cookies in the browser settings. It means that one may, e.g. partially restrict (e.g.
temporarily) or fully disable saving Cookies – in the latter case it may have an impact on some functionalities of the
Online Shop (for instance it may prove impossible to go through the Order using the Order Form owing to failure to save
the Products in the cart in the course of subsequent stages of Order placement).
7.6. The browser settings concerning Cookies are essential as regards the consent to use Cookies by our Online Shop – in
accordance with the law, such consent may also be expressed in the browser settings. In view of lack of such consent,
change the browser setting accordingly as regards Cookies. Detailed information concerning the change in Cookies
settings and their individual removal in the most common browsers is available in the help section of the browser and the
following websites (click the link):

8. Chrome

9. Firefox

10. Internet Explorer

11. Opera

12. Safari

13. Microsoft Edge
13.1. The Controller may use Google Analytics, Universal Analytics services in the Online Shop, which are provided by Google
Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The services help the Controller to analyse the
frequency of visits in the Online Shop. The data collected are processed under the above services to generate statistics
helpful while administering the Online Shop. The data are of collective nature. Using the above services in the Online

Shop, the Controller collects such data as the sources and medium of acquiring visitors of the Online Shop and the
manner of their conduct on the website of the Online Shop, information concerning their devices and browsers used to
visit the website, IP and domain, geographical data and demographic data (age, sex) and interests.
13.2. It is possible to easily block sharing information with Google Analytics as regards the activity on the website of the Online
Shop – install to that end an opt-out add-on made available by Google Ireland Ltd. available at:
https://tools.google.com/dlpage/gaoptout?hl=pl.
13.3. Due to the possibility of the Controller using the advertising and analytical services provided by Google Ireland Ltd in the
Online Shop, Controller indicates that full information on the principles of data processing of visitors to the Online Shop
(including information stored in Cookies) by Google Ireland Ltd. is included in the privacy policy of Google services
available at the website address: https://policies.google.com/technologies/partner-sites.

14. FINAL PROVISIONS
14.1. The Online Shop may contain links to other websites. The Controller encourages that at the time of being transferred to
other websites, become familiar with the privacy policy. This privacy policy shall apply only to the Online