Privacy Policy

whitestorkminiatures.com

Table of Contents

  1. General Provisions
  2. Legal Basis for Data Processing
  3. Purpose and Scope of Data Collection and Data Recipients
  4. Profiling in the Online Store
  5. Rights of the Data Subject
  6. Cookies in the Online Store, Usage Data, and Analytics
  7. Data Security
  8. Data Retention Period
  9. Final Provisions

1. General Provisions

1.1. This Privacy Policy for the Online Store is informational, which means that it is not a source of obligations for Service Recipients or Customers of the Online Store. The Privacy Policy primarily contains rules regarding the processing of personal data by the Administrator in the Online Store, including the legal basis, purposes, and scope of personal data processing, the rights of data subjects, as well as information on the use of cookies and analytical tools in the Online Store

1.2. The administrator of personal data collected through the Online Store is the company White Stork Miniatures registered as an individual business (billing address: Poprzeczna 28 05-200 Duczki); Tax Identification Number (NIP): 1250438146, National Business Registry Number (REGON): 526266771; email address: whitestork.miniatures@gmail.com, hereinafter referred to as the “Administrator,” which is also the Service Provider of the Online Store and the Seller.
1.3. Personal data in the Online Store are processed by the Administrator in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation.” The official text of the GDPR Regulation can be found here: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4. The use of the Online Store, including making purchases, is voluntary. Similarly, the provision of personal data by the Service Recipient or Customer using the Online Store is voluntary, with two exceptions: (1) concluding agreements with the Administrator – not providing the necessary personal data in the cases and to the extent specified on the Online Store’s website and in the Online Store’s Regulations and this privacy policy, required for the conclusion and performance of a Sales Agreement or an Electronic Service Agreement with the Administrator, will result in the inability to conclude such an agreement. Providing personal data is in this case a contractual requirement, and if the data subject wishes to conclude a specific agreement with the Administrator, they are obliged to provide the required data. The scope of data required to conclude an agreement is indicated in advance on the Online Store’s website and in the Online Store’s Regulations; (2) pursuing a complaint or claim by the Service Recipient or Customer – providing personal data in order to pursue a complaint or claim by the Service Recipient or Customer is voluntary, but necessary to consider the complaint or claim by the Administrator. In the absence of the required data, it will not be possible to consider the complaint or claim. Providing personal data in this case is not a contractual requirement, but failure to provide it will result in the inability to consider the complaint or claim.
1.5. Personal data are processed in accordance with the scope of consents granted by the data subject and the scope of data processing resulting from the applicable law.
1.6. The Administrator takes special care to protect the interests of the data subjects and, in particular, ensures that the data collected by them are processed in accordance with the law, collected for specified, legitimate purposes, and not subjected to further processing incompatible with those purposes, not stored for longer than necessary, and processed in accordance with the law, and adequately secured.
1.7. In matters related to the processing of personal data, you can contact the Administrator via email at whitestork.miniatures@gmail.com or in writing at the Administrator’s mailing address indicated in point 1.2.
1.8. The Administrator represents that it will make every effort to ensure the privacy and protection of personal data provided to them, in particular, will protect personal data against access by unauthorized persons.
1.9. Definitions of terms: 1.9.1. Administrator – the company White Stork Miniatures registered as an individual business (billing address: 1.9.2. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); 1.9.3. Online Store – the website available at whitestorkminiatures.com, through which the Customer may, in particular, place Orders; 1.9.4. Customer – an entity for whom, in accordance with the Rules and Regulations and legal regulations, electronic services may be provided or with whom a Sales Agreement may be concluded; 1.9.5. Service Recipient – an entity for whom, in accordance with the Rules and Regulations and legal regulations, electronic services may be provided or with whom a Sales Agreement may be concluded; 1.9.6. Rules and Regulations – these rules and regulations of the Online Store; 1.9.7. Administrator’s Regulations – regulations of the Online Store provided by the Administrator; 1.9.8. Online Service – a service provided electronically by the Service Provider to the Service Recipient through the Online Store; 1.9.9. Service Provider – the company White Stork Miniatures registered as an individual business (billing address: 1.9.10. Sales Agreement – a contract for the sale of Goods within the meaning of the Civil Code, concluded between the Customer and the Seller, the subject of which is the sale of Goods by the Seller to the Customer; 1.9.11. Goods – products presented in the Online Store, which may be the subject of a Sales Agreement; 1.9.12. Account – a panel created for the Customer on their behalf on the Online Store’s website, which allows the Customer to place Orders and manage their Orders; 1.9.13. Privacy Policy – this privacy policy of the Online Store.
1.10. The Privacy Policy sets out the rules for the processing and protection of personal data provided by Customers or other persons using the Online Store.
1.11. The Administrator reserves the right to amend the Privacy Policy for important reasons, i.e., changes in the applicable law, changes to the methods of data processing and protection, changes in the scope and purposes of data processing by the Administrator, affecting the interests of the data subjects. In the event of making changes to the Privacy Policy, the Administrator will inform about the changes on the Online Store’s website. 1.12. The Privacy Policy is an integral part of the Rules and Regulations of the Online Store.

2. Legal Basis for Data Processing

2.1. The administrator processes personal data on the following legal grounds: 2.1.1. If it is necessary for the performance of the contract or to take action at the request of the data subject before the conclusion of the contract (Article 6(1)(b) of the GDPR). The legal basis for data processing under this title is the necessity to process data to take action at the request of the data subject before concluding the contract, as well as the necessity to process data to perform the contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract. Personal data is processed by the Administrator in the Online Store in connection with: 2.1.1.1. registration and use of the Account in the Online Store (account registration requires the provision of personal data necessary to create an Account, i.e., first name, last name, email address, password, and acceptance of the Regulations); the legal basis for data processing is the necessity of data processing for the performance of the contract for the provision of the Online Service – creation and maintenance of the Account (Article 6(1)(b) of the GDPR); 2.1.1.2. conclusion and performance of a Sales Agreement or an Electronic Service Agreement in the Online Store (conclusion and performance of the Sales Agreement requires the provision of personal data necessary to conclude and perform the agreement, i.e., first name, last name, email address, delivery address, and, if applicable, the invoice address, telephone number); the legal basis for data processing is the necessity of data processing for the performance of the Sales Agreement to which the data subject is a party or to take action at the request of the data subject before concluding the contract (Article 6(1)(b) of the GDPR); 2.1.1.3. pursuing complaints or claims – data processing is necessary to consider the complaint or claim – the legal basis for data processing is the necessity of data processing to perform the Sales Agreement to which the data subject is a party or to take action at the request of the data subject before concluding the contract (Article 6(1)(b) of the GDPR); 2.1.1.4. handling the Account in the Online Store – data processing is necessary for the provision of electronic services – the legal basis for data processing is the necessity of data processing to perform the contract for the provision of electronic services (Article 6(1)(b) of the GDPR); 2.1.2. If the data subject has given their consent to the processing of their personal data for one or more specific purposes (Article 6(1)(a) of the GDPR), e.g., for marketing purposes or the transmission of commercial information. 2.1.3. If it is necessary to fulfill the legal obligation to which the administrator is subject (Article 6(1)(c) of the GDPR), such as issuing and storing invoices and accounting documents, as well as for tax and accounting purposes.

2.2. Personal data processing for purposes other than those indicated in point 2.1 requires the consent of the data subject, unless the law authorizes the Administrator to process personal data without the need to obtain consent. The legal basis for data processing is then the provision of applicable law allowing data processing.

3. Purpose and Scope of Data Collection and Data Recipients

3.1. The scope of personal data of Customers or Service Recipients processed by the Administrator includes: 3.1.1. first and last name; 3.1.2. email address; 3.1.3. telephone number; 3.1.4. delivery address (street, building number, apartment number, postal code, city, country), if it is different from the address of residence or the registered office; 3.1.5. address of residence or registered office (if it is different from the delivery address); 3.1.6. tax identification number, if the Customer or Service Recipient wishes to receive a VAT invoice; 3.1.7. IP address; 3.1.8. order history.

3.2. The purpose, scope, and recipients of personal data processed by the Administrator result from actions taken by the Customer or Service Recipient in the Online Store. 3.2.1. If the Customer or Service Recipient places an Order in the Online Store, the Administrator will process the following personal data of the Customer or Service Recipient: first and last name, delivery address (street, building number, apartment number, postal code, city, country), if it is different from the address of residence or the registered office, email address, telephone number. The purpose of processing this data is to perform the Sales Agreement, and the recipient of this data will be the Seller. Providing this data is voluntary, but necessary to place an Order. Failure to provide this data will result in the inability to place an Order. 3.2.2. If the Customer or Service Recipient wishes to receive a VAT invoice, the Administrator will process the following personal data of the Customer or Service Recipient: first and last name, tax identification number, delivery address (street, building number, apartment number, postal code, city, country), if it is different from the address of residence or the registered office. The purpose of processing this data is to issue a VAT invoice, and the recipient of this data will be the Seller. Providing this data is voluntary, but necessary to receive a VAT invoice. Failure to provide this data will result in the inability to receive a VAT invoice. 3.2.3. If the Customer or Service Recipient creates an Account in the Online Store, the Administrator will process the following personal data of the Customer or Service Recipient: first and last name, email address, password, and, if applicable, tax identification number. The purpose of processing this data is to create and maintain an Account, and the recipient of this data will be the Administrator. Providing this data is voluntary but necessary to create and maintain an Account. Failure to provide this data will result in the inability to create and maintain an Account. 3.2.4. If the Customer or Service Recipient subscribes to the newsletter service, the Administrator will process the email address. The purpose of processing this data is to send commercial information by electronic means. The recipient of this data will be the Administrator. Providing this data is voluntary but necessary to subscribe to the newsletter service. Failure to provide this data will result in the inability to subscribe to the newsletter service. 3.2.5. If the Customer or Service Recipient contacts the Administrator via the contact form or by email, the Administrator will process the email address and any personal data included in the message. The purpose of processing this data is to contact the Customer or Service Recipient and to answer their question. The recipient of this data will be the Administrator. Providing this data is voluntary but necessary to contact the Administrator and receive a response to the question. Failure to provide this data will result in the inability to contact the Administrator and receive a response.

3.3. The Administrator may process the following personal data of Customers or Service Recipients using the Online Store: first and last name, email address, telephone number, order history, and IP address for the following purposes: 3.3.1. To market the Administrator’s own products or services – for this purpose, the Administrator may use the email address and, with the consent of the Customer or Service Recipient, the telephone number. The legal basis for data processing is the consent of the data subject (Article 6(1)(a) of the GDPR). 3.3.2. To conduct direct marketing – for this purpose, the Administrator may use the email address and, with the consent of the Customer or Service Recipient, the telephone number. The legal basis for data processing is the consent of the data subject (Article 6(1)(a) of the GDPR). 3.3.3. To implement the contract for the provision of electronic services consisting of maintaining the Account – for this purpose, the Administrator may process the first and last name, email address, and password of the Customer or Service Recipient. The legal basis for data processing is the necessity of processing to perform the contract for the provision of electronic services (Article 6(1)(b) of the GDPR). 3.3.4. To consider complaints or claims – for this purpose, the Administrator may process the first and last name, email address, and any personal data included in the complaint or claim. The legal basis for data processing is the necessity of data processing to perform the Sales Agreement to which the data subject is a party or to take action at the request of the data subject before concluding the contract (Article 6(1)(b) of the GDPR). 3.3.5. To ensure the security of services provided electronically, including to prevent fraud and abuse – for this purpose, the Administrator may process the IP address of the Customer or Service Recipient. The legal basis for data processing is the necessity of processing for the performance of the contract for the provision of electronic services (Article 6(1)(b) of the GDPR).

3.4. Personal data of Customers or Service Recipients may be transferred to the following recipients or categories of recipients: 3.4.1. Employees and associates of the Administrator – personal data of Customers or Service Recipients may be made available to employees and associates of the Administrator who need access to this data to perform their duties. 3.4.2. Entities providing courier services or intermediary services in the delivery of ordered Goods to the Customer or Service Recipient. 3.4.3. Entities providing electronic payment services, including payment card organizations, for the purpose of handling payments. 3.4.4. Entities providing accounting, tax, and legal services to the Administrator.

3.5. Personal data may be transferred to third countries (i.e., outside the European Economic Area), e.g., when using services provided by entities located in third countries. The transfer of data to third countries will always take place in accordance with the requirements of the GDPR, in particular through the use of appropriate safeguards, such as standard data protection clauses adopted by the European Commission.

4. Profiling in the Online Store

4.1. The Administrator may use profiling in the Online Store. Profiling involves the automated processing of personal data, consisting of the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or predict aspects of their work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

4.2. Profiling in the Online Store involves the processing of the following personal data of Customers or Service Recipients: first and last name, email address, telephone number, order history, and IP address.

4.3. Profiling in the Online Store is carried out for the following purposes: 4.3.1. To match the content of the website to the preferences of the Customer or Service Recipient. 4.3.2. To analyze and monitor the behavior of Customers or Service Recipients on the website. 4.3.3. For statistical purposes.

4.4. Profiling in the Online Store may result in the Customer or Service Recipient receiving personalized content, including personalized offers and product recommendations.

4.5. The legal basis for profiling in the Online Store is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting of providing Customers or Service Recipients with personalized content and improving the quality of services provided in the Online Store.

4.6. Profiling in the Online Store does not result in legal effects concerning the Customer or Service Recipient or significantly affecting their situation.

4.7. The Customer or Service Recipient has the right to object to profiling in the Online Store. To exercise this right, the Customer or Service Recipient should contact the Administrator via email at whitestork.miniatures@gmail.com or in writing at the Administrator’s mailing address indicated in point 1.2. In the event of an objection, the Administrator will stop processing the data for profiling purposes.

5. Rights of the Data Subject

5.1. The data subject has the right to access their personal data and the right to rectify, delete, limit processing, the right to data transfer, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.

5.2. If the data subject considers that the processing of their personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the President of the Office for the Protection of Personal Data.

5.3. In order to exercise their rights, the data subject should contact the Administrator via email at whitestork.miniatures@gmail.com or in writing at the Administrator’s mailing address indicated in point 1.2.

6. Cookies in the Online Store, Usage Data, and Analytics

6.1. Cookies are small text files sent by a website and stored on the user’s device (such as a computer, smartphone, or tablet) when the user visits a website. Cookies are used for various purposes, including ensuring the proper functioning of websites, improving user experience, and providing information to website owners about user behavior on their site.

6.2. The Online Store uses cookies to provide electronic services and to collect information about the use of the website by Customers or Service Recipients.

6.3. The entity placing cookies on the user’s device and accessing them is the Administrator.

6.4. The Online Store uses the following types of cookies: 6.4.1. Session cookies – these are temporary files that are stored on the user’s device until they log out, leave the website, or close the web browser. Session cookies are necessary for the proper functioning of certain features of the website. 6.4.2. Persistent cookies – these are stored on the user’s device for a specified period, which is determined by the cookie parameters or until they are deleted by the user. Persistent cookies are used to remember user preferences, such as language settings or login details. 6.4.3. First-party cookies – these are placed and accessed by the Administrator, and they are used for the proper functioning of the website and to collect analytics data. 6.4.4. Third-party cookies – these are placed and accessed by third-party companies, such as analytics providers or advertisers. Third-party cookies are used to collect data for analytics and marketing purposes.

6.5. The Online Store uses cookies for the following purposes: 6.5.1. To ensure the proper functioning of the website, including the functioning of the shopping cart and the order process. 6.5.2. To remember user preferences, such as language settings. 6.5.3. To collect anonymous analytics data about user behavior on the website, such as the number of visitors, the pages they visit, and the time spent on the website. This data helps improve the quality of the website and its content. 6.5.4. To display personalized content and ads to users based on their browsing history and interests.

6.6. By default, most web browsers allow the use of cookies. Users can change their browser settings to block or delete cookies. Blocking or deleting cookies may affect the functionality of the website and user experience.

6.7. The Online Store uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to analyze user behavior on the website. The information generated by the cookie about the use of the website (including the user’s IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating the use of the website, compiling reports on website activity for website operators, and providing other services related to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf. Users can opt-out of Google Analytics by using the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.

6.8. The Online Store may use remarketing or retargeting features provided by third-party companies, such as Google or Facebook. These features allow the Online Store to display personalized ads to users who have previously visited the website. Users can opt-out of remarketing or retargeting features by adjusting their ad settings on the respective platforms (e.g., Google Ads Settings or Facebook Ad Preferences).

7. Data Security

7.1. The Administrator takes special care to protect the interests of the data subjects, and in particular, ensures that the data collected by them are processed in accordance with the law, collected for specified, legitimate purposes, and not subjected to further processing incompatible with those purposes, not stored for longer than necessary, and processed in accordance with the law, and adequately secured.

7.2. The Administrator implements appropriate technical and organizational measures to ensure the security of personal data processed in the Online Store, appropriate to the risks and categories of data covered by the protection, and in particular, protects data against disclosure to unauthorized persons, takeover by an unauthorized person, processing in violation of applicable laws, and alteration, loss, damage, or destruction.

7.3. The Administrator ensures that personal data is accessed only by authorized persons and only to the extent necessary for the performance of their duties.

7.4. The Administrator regularly assesses the risk of violating the rights or freedoms of natural persons resulting from the processing of personal data and takes measures to minimize this risk.

7.5. In the event of a breach of personal data protection that is likely to result in a high risk to the rights and freedoms of natural persons, the Administrator will inform the data subject of the breach without undue delay, as well as the supervisory authority (the President of the Office for the Protection of Personal Data), unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

8. Data Retention Period

8.1. The Administrator retains personal data for the period necessary to achieve the purposes for which the data is processed, as well as to fulfill legal obligations, including those arising from tax and accounting regulations.

8.2. The retention period for personal data may vary depending on the purpose of processing and the category of data. For example: 8.2.1. Personal data processed for the purpose of performing the Sales Agreement will be retained for the duration of the Agreement and for the period necessary to consider any complaints or claims. 8.2.2. Personal data processed for marketing purposes will be retained for as long as the data subject has not objected to such processing or has not withdrawn their consent. 8.2.3. Personal data processed for tax and accounting purposes will be retained for the period required by tax and accounting regulations.

8.3. After the retention period has expired, personal data will be deleted or anonymized.

9. Final Provisions

9.1. The Online Store may contain links to other websites. The Administrator is not responsible for the privacy practices of these websites. Users should read the privacy policies of these websites to understand how their personal data is processed.

9.2. The Administrator may update this Privacy Policy from time to time to reflect changes in the law or the way personal data is processed in the Online Store. The updated Privacy Policy will be posted on the Online Store’s website, and the date of the latest revision will be indicated at the beginning of the document.

9.3. In matters related to the processing of personal data, you can contact the Administrator via email at whitestork.miniatures@gmail.com or in writing at the Administrator’s mailing address indicated in point 1.2.

9.4. This Privacy Policy is an integral part of the Rules and Regulations of the Online Store.