Privacy Policy
This document specifies the conditions for the processing of personal data (hereinafter also referred to as "data") and cookies in the area of the noesis.life website, operated via the website available at the URL address: noesis.life, hereinafter referred to as the "Website".
I. How to contact the data controller
The controller of personal data processed within the Service is NOESIS sp. z o. o. with its registered office in Warsaw (00-844) at ul. Grzybowska 87, entered into the Register of Entrepreneurs of the National Court Register under the KRS number: 0001103161, NIP: 5273110658 and REGON: 528497629.
You can contact the Data Controller via e-mail: kontakt@noesis.life.
II. On what basis do we process your data?
When collecting personal data, we always inform about the legal basis for their processing. It results from the provisions of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data on the free movement of such data and repealing Directive 95/46/EC - General Data Protection Regulation). When we inform about:
Article 6, point 1, letter a) of the GDPR – this means that we process personal data based on the consent received,
Article 6, point 1, letter b) of the GDPR – this means that we process personal data because they are necessary for the performance of the contract or to take action before its conclusion, upon request,
Article 6, point 1, letter f) of the GDPR – this means that we process personal data in order to pursue legitimate interests.
III. Information on data processing for the purpose of concluding and implementing contracts, pursuing possible claims and defending against them
1. We may process personal data necessary for the performance of the contract concluded with you. However, before its conclusion, we may process personal data necessary for taking action at your request. The processing of this data takes place on the basis of art. 6 point 1 letter b) of the GDPR.
2. During and after the performance of the contract, we process the personal data of its parties in order to consider and pursue claims. Our legitimate interest is, for example, the ability to respond to a potential complaint, to which we are obliged under separate provisions of civil law. In such a case, we will process personal data based on a legitimate interest, which is the defense against or pursuit of potential claims. The processing of this data takes place on the basis of art. 6 point 1 letter f) of the GDPR.
3. We will store this data for a period of time necessary to achieve specific goals, no later than the limitation period for claims arising from separate legal provisions.
4. You have the right to access your data, rectify it, delete it, limit its processing, the right to transfer data, as well as the right to lodge a complaint with the supervisory authority. In the event of data processing for the purpose specified in point 2, you also have the right to object to their processing.
5. Providing this data is voluntary, but failure to provide this data will make it impossible to conclude the contract or its implementation.
6. The recipients of this data are: our hosting provider, e-mail service provider, shipping service providers, accounting service providers and invoice software providers, electronic payment service providers, legal, advisory and debt collection service providers, and other service providers that we use for the specified purpose.
IV. Information on data processing for the purpose of sending the newsletter
1. We enable you to subscribe to our newsletter. If you have used this functionality, we process your personal data for the purpose of sending it. The newsletter may contain advertising, commercial or marketing content.
2. The processing of these data is carried out on the basis of Article 6 point 1 letter b) of the GDPR.
3. You have the right to unsubscribe from the newsletter at any time.
4. We will store your data until you unsubscribe from the subscriber list or until we stop sending the newsletter.
5. You have the right to access your data, rectify it, delete it, limit its processing, the right to transfer data, the right to object to its processing, and the right to lodge a complaint with the supervisory authority.
6. Providing this data is voluntary, but failure to provide this data will prevent the newsletter from being sent.
7. The recipients of this data are: our hosting provider, e-mail service provider and newsletter sending service provider.
V. Information on data processing for the purpose of sending notifications
1. We enable you to subscribe to the list of recipients of our notifications, displayed via a web browser. If you have used this functionality, we process your personal data for the purpose of sending it. Notifications may contain advertising, commercial or marketing content.
2. The processing of these data is based on your consent and therefore Article 6 point 1 letter a) of the GDPR.
3. You have the right to withdraw your consent at any time. However, the withdrawal of consent does not affect the lawfulness of previous data processing.
4. We will store your data until you withdraw your consent. If you never withdraw it, we will process your data until we stop sending you notifications.
5. You can withdraw your consent to data processing in your web browser.
6. You have the right to access your data, rectify it, delete it, limit its processing, the right to transfer data, as well as the right to lodge a complaint with the supervisory authority.
7. Providing this data is voluntary, but failure to provide this data will prevent the sending of notifications.
8. The recipients of this data are: our hosting provider and the advertiser.
VI. Information on data processing for direct marketing purposes and profiling
1. We may process your personal data for direct marketing purposes. This happens, for example, when we respond to your message by providing details of our offer.
2. For the purpose of direct marketing, we may use profiling, which involves automated decision-making on whether to display advertisements to you. This decision is made based on your actions on the Website, and in particular on the basis of concluded agreements or pages viewed. In practice, profiling supports the usability of our Website, allowing us to present you with content that may potentially interest you.
3. The processing of these data is carried out on the basis of Article 6 point 1 letter f) of the GDPR.
4. We will store your data for the time necessary to achieve the purpose.
5. You have the right to access your data, rectify it, delete it, limit its processing, the right to transfer data, the right to object to the processing of data, and the right to lodge a complaint with the supervisory authority.
6. You have the right not to be subject to profiling, unless you have given your consent. However, in such case, the basis for processing your data will be the consent granted (Article 6, point 1, letter a) of the GDPR), which you can withdraw at any time. In such case, your data will also be processed until the consent granted is withdrawn.
7. Providing this data is voluntary, and failure to provide this data will prevent the implementation of direct marketing activities.
8. The recipients of this data are: our hosting provider, e-mail service provider and advertising service provider.
VII. Information on data processing for security purposes
1. From the moment you launch our website, in order to ensure the security of our services, we process the following data:
· public IP address of the device from which the request came,
browser type and language,
date and time of inquiry,
· number of bytes sent by the server,
· the URL of the previously visited page, if the visit was made using this link,
· information about errors that occurred while processing the query.
2. Our legitimate interest in this processing is to maintain server event logs and secure the Service against potential hacker attacks and other abuses. This includes the ability to determine the IP address of a person performing an unauthorized activity in the Service area, such as an attempt to break security, or publication of prohibited content, or attempted unauthorized activities using our servers.
3. The processing of these data is carried out on the basis of Article 6 point 1 letter f) of the GDPR.
4. We will store this data for the period necessary to achieve the specified purposes, no later than the limitation period for claims arising from separate legal provisions.
5. You have the right to access your data, rectify it, delete it, limit its processing, object to its processing, and the right to lodge a complaint with the supervisory authority.
6. Providing this data is a condition for using the Service. Failure to provide this data will prevent you from using the Service.
7. The recipient of this data is our hosting provider.
VIII. Information on data processing for the purpose of product notification
1. The website has the functionality of sending a notification about a selected product to the e-mail address entered by the user.
2. Our legitimate interest in this processing is to fulfil the user's request and subsequently to secure the Website against potential abuse.
3. The processing of these data is carried out on the basis of Article 6 point 1 letter f) of the GDPR.
4. We will store this data for the period necessary to achieve the specified purposes, no later than the limitation period for claims arising from separate legal provisions.
5. The data subject has the right to access their data, rectify it, delete it, limit its processing, object to its processing, and the right to lodge a complaint with the supervisory authority.
6. Providing this data is a condition for sending the notification. Failure to provide this data will prevent this action.
7. The recipient of this data is our hosting provider.
IX. Information about data recipients
When processing personal data, we use external services. Therefore, the recipients of your personal data may be third parties. When collecting personal data, we always inform about these recipients, but due to the priority of readability of the message, we do it briefly. Therefore, we hereby explain that when we inform about individual categories of recipients, these are the following entities:
Transport service provider / couriers: Logistiko Sp. z oo, Balicka 12A/B4, 30-149 Krakow; DPD Polska Sp. z oo, ul. Mineralna 15, 02-274 Warsaw; DHL Parcel Sp. z oo, ul. Osmańska 2, 02-823 Warsaw; General Logistics Systems Poland Sp. z oo, ul. Tęczowa 10, Głuchowo, 62-052 Komorniki; InPost SA, ul. Wielicka 28, 30-552 Krakow.
Hosting provider: Hostinger International Ltd., 61 Lordou Vironos str., 6023 Larnaca, Cyprus.
Email Service Provider: Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States.
Accounting service provider: Finerto Law and Tax Office Sp. z o. o., ul. Jana Michała Hubego 7/3, 87-100 Toruń
· Invoice processing software provider: Fakturownia Sp. z o. o., ul. Juliana Smulikowskiego 6/8, 00-389 Warsaw.
· Legal/consulting/debt collection service provider – these service providers are appointed individually, as each need arises.
· Newsletter sending service provider: Shopify Inc., 151 O'Connor Street, Ground floor, Ottawa, ON, K2P 2L8, Canada.
Electronic payment service provider: Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA; PayPro SA, ul. Pastelowa 8, 60-198 Poznań; Shopify Inc., 151 O'Connor Street, Ground floor, Ottawa, ON, K2P 2L8, Canada.
X. Information on data transfer to third countries
1. Due to the fact that we use the services of other suppliers, your personal data may be transferred outside the European Economic Area, namely to the country: United States of America (USA).
2. The European Commission has determined that some countries outside the European Economic Area (EEA) adequately protect personal data.
3. Since the country to which we transfer personal data has not been considered a safe country, the data is transferred on the basis of an agreement containing standard data protection clauses adopted by the European Commission.
4. Additionally, since the country to which we transfer personal data has not been considered a safe country, and the data is transferred to Stripe Inc.; Google Inc.; Shopify Inc., the security of this data is ensured by the membership of Stripe Inc., Google Inc. and Shopify Inc. in the Data Privacy Framework.
XI. Absolute rights of persons whose data are processed
When we write about the rights related to the processing of your personal data, we refer to the rights described below. The possibility of using the rights below is independent of the legal basis for the processing of personal data.
The right to access data
You have the right to obtain from us confirmation as to whether we process personal data concerning you. If so, you have the right to access this data, as well as to receive additional information about:
· processing purposes,
categories of relevant data,
· the recipients or categories of recipients to whom the data have been or will be disclosed, in particular recipients in third countries or international organisations,
· if possible, the planned period for which the data will be stored and, if this is not possible, the criteria for determining this period,
the right to request that we rectify, delete or limit the processing of your data, to object to such processing, and the right to lodge a complaint with the supervisory authority,
the source of the data, if your data was not collected from you,
automated decision-making, including profiling, and the principles behind it, as well as the significance and envisaged consequences of such processing for you.
Upon receipt of such a request, we are required to provide a copy of the personal data being processed. If such a request is received electronically and unless we receive a different objection, we will also provide the information electronically.
The right to rectify data
You have the right to request that we immediately rectify any personal data concerning you that is incorrect. Taking into account the purposes of processing, you have the right to request that incomplete personal data be supplemented, including by providing an additional statement.
The right to have your data deleted (to be forgotten)
You have the right to request that we delete your personal data without delay. We are then obliged to delete your personal data without undue delay if one of the following circumstances applies:
you have withdrawn your consent to the processing of your personal data and we have no other basis for processing them,
you have successfully objected to the processing of your data,
· Your personal data was processed unlawfully,
Your personal data must be deleted in order to comply with a legal obligation,
Your data has been collected in connection with the provision of information society services.
The right to restrict processing
You have the right to request that we restrict processing in the following cases:
when you question the accuracy of the data – for a period allowing us to check its accuracy,
the processing is unlawful and you oppose the deletion of the data, requesting instead the restriction of their use,
we no longer need personal data for processing purposes, but you need them to establish, pursue or defend legal claims,
you have objected to the processing of your data – until it is determined whether the legally justified grounds on our side override the grounds for your objection.
Automated decisions, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or significantly affects you in a similar manner.
The law does not apply if this decision:
is necessary for the conclusion or performance of a contract between you and us,
is permitted by EU law or the law of the Republic of Poland and which provides appropriate measures to protect your rights, freedoms and legitimate interests, or
· is based on your explicit consent.
The right to file a complaint
You have the right to lodge a complaint in relation to the processing of your personal data with the supervisory authority: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, tel. 22 531 03 00, fax. 22 531 03 01, e-mail: kancelaria@uodo.gov.pl.
XII. Relative rights of persons whose data are processed
When we write about the rights related to the processing of your personal data, we refer to the rights described below. The possibility of exercising them is always dependent on the legal basis for the processing of personal data.
The right to withdraw consent to processing
In the event that we process your personal data based on your consent, you have the right to withdraw your consent at any time. Naturally, the withdrawal of consent does not affect the lawfulness of the previous processing of personal data.
The right to data portability
You have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this personal data to another controller without hindrance from us, if the processing is carried out:
· on the basis of consent or on the basis of an agreement, and
in an automated manner.
When exercising the right to data portability, you have the right to request that personal data be sent by us directly to another controller, provided that this is technically feasible. This right must not adversely affect the rights and freedoms of others.
The right to object
Where we process your personal data pursuant to Article 6(1)(f) of the GDPR, you have the right to object to the processing of such data for reasons relating to your particular situation.
We are then no longer allowed to process this personal data unless we can demonstrate the existence of:
valid, legitimate grounds for processing, which must override your interests, rights and freedoms, or
· grounds for establishing, pursuing or defending claims.
Also, if you object to the processing of your personal data for direct marketing purposes, we will not be able to process it for such purposes.
XIII. Cookies - introduction
The Service website uses cookies. These are commonly used, small files containing a string of characters that are sent and saved on the end device (e.g. computer, laptop, tablet, smartphone) used when visiting the Service. This information is sent to the memory of the browser used, which sends it back on subsequent visits to the website. We can categorize cookies using three methods of division.
In terms of the purposes of using cookies, we distinguish four categories:
necessary – necessary for the proper functioning of the website – files processed on the basis of the legitimate interest of the administrator (Article 6, paragraph 1, letter f of the GDPR);
functional – we use these cookies to enhance functionality and enable personalisation. These cookies may be set by us or by our third-party service providers whose digital services we have added. If you do not allow these cookies, some of these features may not function properly – cookies processed based on your voluntary consent (Article 6, paragraph 1, letter a of the GDPR);
· marketing - performance and analytical: they allow us to examine traffic on the website, learn about the preferences of our users, analyse their behaviour on the website and enable interactions with external networks and platforms - files processed based on the user's voluntary consent (Article 6, paragraph 1, letter a of the GDPR);
· marketing - advertising: allow us to adapt the displayed advertisements and content to the preferences of our users and to conduct personalised marketing campaigns - files processed based on the user's voluntary consent (Article 6, paragraph 1, letter a of the GDPR).
In terms of their validity period, we distinguish two categories of cookies:
· session files – existing until the end of a given session,
· persistent files – existing after the session ends.
In terms of differentiating the entity administering cookies, we distinguish:
our cookies,
· third party cookies.
All information regarding cookies used on our website can be found in the content of the instruction displayed in the area of the Service's website in the form of a cookie management tool.
XIV. Data administrator cookies
The cookies we administer allow you to:
· access authentication,
· maintaining the session after logging in,
· securing the Website against hacker attacks,
· "remembering" the content of fields in filled-out forms by the browser (optional),
· your browser “remembering” items you have added to your shopping cart.
This makes using the functionality of the Service easier and more enjoyable.
XV. Third Party Cookies
The use of third-party cookies is subject to the privacy and cookie policies of those entities.
We use cookies administered by Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States as part of the services:
Google Ads – advertising files used to conduct and evaluate the quality of advertising campaigns carried out using the Google Ads service,
Google Analytics – analytical files used to study user behavior and traffic and to prepare traffic statistics,
· Google Tag Manager – analytical files to manage advertising campaigns and measure their effectiveness.
Collected by Google Inc. are anonymous and aggregated. In particular, they do not contain features that identify (understood as personal data) users of the Service. Using the above services, we collect data such as sources of acquisition of users visiting the Service, as well as their behavior on the Service page, information about the devices and browsers they use, IP address, domain, demographic data (age, gender), interests and geographic data.
More information on this can be found here: https://policies.google.com/technologies/cookies?hl=pl
We use files administered by Meta Inc. 1 Hacker Way, Menlo Park, CA 94025, United States:
· Functional cookies used by Meta Inc. 1 Hacker Way, Menlo Park, CA 94025, United States. These files may be used to connect your account on the external social network Facebook with your account on the Service. These files may also be used to process your actions on Facebook using the "Share" or "Like" buttons. The processing of these actions may be public.
· Advertising pixel tags, used by Meta Inc. 1 Hacker Way, Menlo Park, CA 94025, United States. These are elements published in digital content and enable the recording of information, e.g. about activity on the website, as well as the evaluation of the effectiveness of advertisements. The Meta Inc. pixel tag can be managed via Facebook, in its user panel.
More information on this can be found here: https://www.facebook.com/policies/cookies/
LUCKY ORANGE
Creating statistics that help understand how Online Store Customers use websites via Lucky Orange, which is administered by Lucky Orange LCC based in Kansas, the Lucky Orange Privacy Policy is available at the following link: https://www.luckyorange.com/privacy.php
The use of third-party cookies is subject to the privacy and cookie policies used by those entities. The current policies of third parties in this regard can be found on the websites mentioned and here: https://www.e-regulaminy.pl/biuletyn/polityki-prywatnosci-i-plikow-cookies/.
XVI. Consent to the use of cookies and their management
With the exception of essential cookies, their processing is based on the user's consent.
Consent to the processing of cookies is voluntary and may be withdrawn at any time. However, please note that failure to consent to the use of certain cookies may result in limitations in the use of the Service and its functionality, or even prevent such use.
Consent to the processing of cookies may be granted:
· using software settings installed on the user's telecommunications terminal device,
by using the button containing a declaration of consent to the processing of cookies or confirmation of having read its terms,
· using the settings available in the website area.
XVII. Cache
When you use the Service's website, we can automatically use the cache installed on your device. Within local memory, it is possible to store data intersessionally, i.e. between subsequent visits to the Service's website. The purpose of using the cache is to speed up the use of the Service by eliminating situations in which the same data would be repeatedly downloaded from the Service, thus burdening the user's internet connection. The cache may also store data such as the login password.
XVIII. Links to other websites or software
The Service may contain links to other websites or software. We are not responsible for the privacy policy and cookie processing policies of these websites or software. We recommend that you read the privacy and cookie policies of these websites or software after entering them or before installing them.
XIX. Changes to the privacy and cookie policy
1. The privacy and cookie policy comes into force on the date of publication on the Service's website.
2. The Privacy and Cookies Policy is amended by publishing its new content on the Service's website.
3. Information about changes to the Privacy and Cookies Policy is published in the area of the Service's website no later than 3 days before the date on which its new wording becomes effective.
