PRIVACY POLICY - Dulce de Amor

1.1 Administrator – Personal data administrator, Aleksandra Kądziołka, conducting business activity under the name “Aleksandra Kądziołka Distribution”, with a permanent place of business in Czernichów 32-070, with its registered office at ul. Parkowa 27, REGON 543025784, NIP 9442297585, contact: info.dulcedeamor@gmail.com, infoline: +48 [513210021].

1.2 Personal data - any information about an identified or identifiable individual, in particular name and surname, identification number, location data, online identifier or one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of an individual.

1.3 Cookies – IT data, in particular text files, which are located in browser directories and stored on the User's end device used to access the Website (e.g. laptop, computer, phone or tablet), and the stored information may be necessary for the proper functioning of the Website or helpful in collecting statistical data about the Website, e.g. about which pages were visited, which elements are downloaded, and data about the domain name of the internet service provider or the User's country of origin; the information about cookies contained in the Policy also applies to other similar technologies used on the Website.

1.4 Policy or Privacy Policy – this privacy policy; 

1.5 GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). GDPR defines the rules for the processing of personal data of individuals, which are applied by the Controller.

1.6 EEA – European Economic Area – a free trade area and common market comprising the countries of the European Union and the European Free Trade Association, with the exception of Switzerland.

1.7 Website – the website operated by the Administrator at www.dulcedeamor.com.

1.8 User – any individual visiting the Website or using one or more of the Services described in the Policy.

1.9 Shopify – Shopify Inc. – a Canadian-based, internationally operating e-commerce company. Its headquarters are located in Ottawa, Ontario. It is also the name of a proprietary e-commerce platform for online stores and retail POS systems.

1.10 Privacy Policy – a document available on the Website, containing information about the processing of personal data and the use of cookies and similar technologies within the Shop and the Website.

1.11 Website – the website at www.dulcedeamor.com, on which AK Distribution operates the Shop. The Website is accessible both on computers and on mobile devices such as smartphones and tablets. 

1.12 Online Shop – the AK Distribution online shop accessible via the Website through which AK Distribution sells goods remotely.

2. Personal data

2.1. The Administrator operates the Online Shop and the Website, within which Users' personal data is processed. The privacy policy is available on the Website.

2.2. This Privacy Policy describes how the Administrator collects, uses and discloses Users' personal data when using the Service and the Website.

2.3. By using the Shop or the Website, the User confirms that they have read the Privacy Policy and understand the rules regarding the collection, use and disclosure of their data, as described below.

2.4. The Administrator processes Personal Data in accordance with the law, fairly and transparently for the persons to whom the Personal Data relates, and in a manner that ensures their adequate security, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical and organisational measures.

2.5. The Administrator collects and processes data only for the purposes specified in the Policy and to the extent and for a period not longer than necessary for those purposes.

2.6. The Administrator collects and processes the following personal data in particular: first name, surname, address, invoice and delivery address, telephone number, e-mail address.

2.7. Within the scope of its business activities, including in relation to the Website or the Shop, the Administrator does not process special categories of personal data, namely Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data concerning the health, sexuality or sexual orientation of the data subject.

2.8.  In any matter relating to the processing of Personal Data, including the reporting of incidents affecting the security of Personal Data, please contact the Controller directly by telephone at +48 [513210021], by email at info.dulcedeamor@gmail.com or by post at ul. Parkowa 27, 32-070 Czernichów.

3. Purposes and legal basis for the processing of Personal Data

3.1.  Users' personal data, such as name and surname, e-mail address or telephone number, and other Personal Data provided by the User or obtained by the Administrator in connection with the User's use of the Website or Shop, are processed by the Administrator for the following purposes:

a) provision of on-line services by the Administrator via the Website,  Store, including the conclusion and performance of contracts in accordance with the General Terms and Conditions of Sale of the Online Store – in this case, the legal basis for the processing of Personal Data is the necessity to perform the contract (Article 6 par. 1 lit. b of the GDPR);

b) fulfilment of legal obligations imposed on the Administrator in connection with concluded contracts, e.g. due to the need to prove that the Administrator has fulfilled its information obligations towards the User who is a consumer or to consider complaints related to the operation of the Website or the Shop and the services provided – the legal basis for the processing of Personal Data is the fulfilment of a legal obligation incumbent on the Controller (Article 6 par. 1 lit. c of the GDPR);

c) responding to questions, requests and suggestions regarding the Website or Shop, which are sent by e-mail or reported by telephone - the legal basis for the processing of Personal Data is the legitimate interest of the Administrator (Article 6 para. 1 lit. f of the GDPR), consisting in the appropriate and timely consideration of Users' questions, requests and suggestions, including the adaptation of the Website or Shop to the needs of Users;

d) efficient operation, functioning and improvement of the Website or Shop and ensuring the security of use of the Website or Shop, including for analytical and statistical purposes, including the creation of anonymised reports and analyses of Users' preferences and activities – in this case, the legal basis for the processing of Personal Data is the legitimate interest of the Administrator (Article 6 para. 1 lit. f  of the GDPR), consisting in analysing Users' activities, including their preferences, in order to improve the quality of the functionalities used and the services provided, and to ensure the proper functioning of the Website or Store;

e) possible establishment and pursuit of claims or defence against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6 para. 1 lit. f of the GDPR).

3.2. Depending on how you use the Website and Shop, the Administrator processes Personal Data for the following purposes:

3.2.1. Provision, personalisation and improvement of services within the Administrator's Website and Shop;

3.2.2. Marketing and advertising;

3.2.3. Security and fraud prevention;

3.2.4. Communication and customer service. 

4. Sources of personal data

4.1 The Administrator obtains Personal Data from the following sources:

4.1.1 Directly from the User, in connection with the use of the Website and the Shop, in particular through registration or making a purchase

4.1.2 Automatically - when using the services, e.g. through cookies, device data or system logs;

4.1.3 From service providers - e.g. payment operators, logistics companies, IT and marketing partners who process data on behalf of the Administrator;

4.1.4 From business partners or third parties - e.g. advertising and analytics platforms.

5. Disclosure of personal data

5.1. Personal data may be disclosed by the Administrator to the following entities in the following cases:

5.1.1. Shopify, suppliers and technical partners - for the purpose of payment processing, shipping, data storage, analytics, security and customer support.

5.1.2. Business and marketing partners - e.g. Google, Meta - for advertising and analytics.

5.1.3. When integrating social media accounts or transferring data for shipping purposes; with the User's consent.

5.1.4. Entities affiliated with the Administrator - within the capital group.

5.1.5. For purposes justified by law, in particular at the request of a competent authority or court. 

6. Relationship with Shopify

6.1. The services provided by the Administrator within the Website and the Shop are hosted by Shopify, which collects and processes personal data relating to Users' activities in the Shop, in particular for the purpose of improving or enhancing the functioning of the Shop. Data is transferred to enable the Shop to function and to improve its features. The data that is provided to the Administrator is also provided to Shopify and may be processed in other countries, including outside the European Economic Area.

6.2. Shopify may combine User data from different shops and sellers to provide so-called extended analytics features. In such cases, Shopify is responsible for data processing.

6.3. To learn more about how Shopify uses your data, visit: https://privacy.shopify.com/en

7. External websites and links

7.1 The Administrator is not responsible for links to websites or platforms belonging to third parties available through the Shop and the Website, nor for the files and data contained on these websites. The Administrator recommends that you familiarise yourself with the data protection policies of each external website you visit.

8. Data storage period

8.1 Personal data will be processed and stored until the Administrator's specific legitimate interests are fulfilled, i.e. until the purpose for which it was collected is achieved, but not shorter than the duration of the contract, whereby this period may be extended each time by the limitation period for claims, if the processing of Personal Data is necessary for the Administrator to pursue any claims or to defend against such claims;

8.2 If the basis for processing is the Administrator's legitimate interest, Personal Data will be processed for the duration of that interest, unless the data subject objects to the processing of data for these purposes;

8.3 If the basis for processing is the legal obligations incumbent on the Administrator, Personal Data will be processed until the expiry of the obligation to store Personal Data resulting from the provisions. 

9. User rights

9.1 A person whose Personal Data is processed by the Administrator has the following rights:

a) the right to access Personal Data, i.e. the right to information about the processing of Personal Data, including the purposes, scope, manner and basis of processing, and to obtain a copy of such Personal Data,

b) the right to withdraw consent to the processing of Personal Data if the processing is based on consent,

c) the right to object to the processing of Personal Data to the extent that the basis for the processing of Personal Data is the Administrator's legitimate interest,

d) the right to request the rectification, erasure or restriction of the processing of Personal Data, 

e) the right to transfer Personal Data, i.e. to receive Personal Data from the Administrator in a structured, commonly used, machine-readable format,

f) the right to lodge a complaint with a supervisory authority, i.e. the President of the Personal Data Protection Office, if you consider that the processing of Personal Data violates the GDPR or other provisions on the protection of personal data.

9.2 In order to exercise the rights referred to above, please contact the Administrator directly in writing or electronically via e-mail at the address indicated in section 1.1 of the Policy.

9.3 If you withdraw your consent, your data will be deleted within 30 days of your request. A statement withdrawing consent to the processing of personal data may be submitted in writing by sending it to the Administrator's registered address with the note ‘personal data’ or electronically to the e-mail address: customer@dulcedeamor.com. To exercise your rights, please contact us at: customer@dulcedeamor.com

9.4 If your data is also processed by Shopify, you can exercise your rights via the portal: https://privacy.shopify.com/en

10. Complaints

10.1.  In case of doubts regarding the manner of personal data processing, the User has the right to:

10.1.1. contact the Administrator at: customer@dulcedeamor.com,

10.1.2. lodge a complaint with the local data protection supervisory authority - the President of the Personal Data Protection Office.

11. Data transfer outside the EEA

11.1 Personal data may be transferred, stored and processed outside the User's country of residence, including outside the European Economic Area (EEA) or the United Kingdom. In such cases, Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate mechanisms ensuring an adequate level of data protection are used.

12. Changes to the Privacy Policy

12.1  The Privacy Policy may be updated periodically in response to changes in regulations or our operational activities. Each new version of the Privacy Policy will be published on the website in the form of a PDF file with an updated “last modified” date.

COOKIES POLICY - Dulce de Amor 

1. Cookies and tracking technologies

1.1 The website may use cookies and similar technologies to ensure the proper functioning of the website, personalise content, analyse traffic, and conduct advertising and remarketing activities. Cookies may also be used by the Administrator's partners, e.g. analytical and advertising tools (Google, Meta). The user can manage cookie settings via their web browser. Restricting the use of cookies may cause difficulties in using the Website.

2. Cookies and server logs

2.1. During their first visit to the website, Users may consent to the use of cookies or change their settings themselves using the cookie banner displayed. Failure to consent may limit some of the Website's functionality.

2.2. The website uses cookies to ensure the proper functioning of the Website, to tailor content to user preferences, to analyse traffic and for marketing activities. Cookies do not affect the configuration of the user's device and are safe. There are several types of cookies, including:

2.2.1. Session cookies - these remain active until the browser is closed.

2.2.2. Permanent cookies - these are stored on the device for the time specified in the settings or until they are deleted.

2.3. The website may also store technical data and system logs, such as IP address, time of visit, browser type and operating system - solely for security and administrative purposes.

2.4. The user can manage cookies independently in the browser settings, including blocking or deleting cookies.

2.5. Data provided in contact forms is processed solely for the purpose of handling a given request or order.

2.6. Technical data and system logs are stored for a period resulting from the configuration of analytical tools and security requirements, no longer than is necessary for these purposes.