Contact
yumisu@yumisu.store
PRIVACY POLICY OF ONLINE STORE YUMISU.STORE
TABLE OF CONTENTS:
  1. GENERAL PROVISIONS
  2. PRINCIPLES OF DATA PROCESSING
  3. PURPOSE, BASIS AND DURATION OF DATA PROCESSING IN THE ONLINE SHOP
  4. DATA RECEIVER IN THE ONLINE SHOP
  5. PROFILE IN THE ONLINE SHOP
  6. RIGHTS OF THE DATA SUBJECT
  7. COOKIES AND ANALYZES OF THE ONLINE STORE
  8. FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1.This online store privacy policy is informative, which means that it does not impose any obligation on the service recipients or customers of the online store. The Privacy Policy contains, first of all, the rules on the processing of personal data by the administrator in the online store, including the reasons, purposes and scope of the processing of personal data and the rights of the data subjects, as well as information on the use of cookies and analysis tools in the online Shop.

1.2.The administrator of personal data collected through the online store is YUMISU SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Białystok (registered office address: ul. Warszawska 6/32, 15-063 Białystok; and mailing address: ul. Baranowicka 23, 15). -554 Białystok); registered in the Register of Entrepreneurs of the National Court Register under KRS number 0000865362; the registry court where the company’s documents are kept: District Court in Białystok, 12th Economic Division of the National Court Register; share capital of PLN 30,000; NIP: 9662144174; REGON: 387312142, email address: yumisu@yumisu.store and contact phone number: 32 441 26 93 – hereinafter referred to as the “Administrator” and at the same time the online store service provider and the seller.

1.3. Personal data in the online store are processed by the administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of data and on the repeal of Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation“. The official text of the GDPR regulation:  http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4. The use of the online store, including making purchases, is voluntary. Likewise, the provision of personal data by the Service Recipient or Customer through the Online Store is voluntary, subject to two exceptions: (1) concluding contracts with the Administrator – non-provision in cases and to the extent specified on the Online Store website and in the The Regulations of the Online Store and this Privacy Policy personal data necessary for the conclusion and performance of the contract of sale or the provision of electronic services with the Administrator result in the inability to conclude this contract. Providing personal data in this case is a contractual obligation, and if the data subject wants to conclude a specific contract with the Administrator, he is obliged to provide the necessary data. The scope of the data required for the conclusion of the contract is previously specified on the website of the online shop and in the online shop regulations; (2) Legal obligations of the Administrator – providing personal data is a legal obligation resulting from generally applicable laws that impose on the Administrator the obligation to process personal data (e.g. will prevent the Administrator from fulfilling these obligations.

1.5. The Administrator pays particular attention to protecting the interests of individuals to whom the personal data processed by him relate, and in particular is responsible and ensures that the data collected from him: (1) are processed in accordance with the law; (2) collected for specified, legitimate purposes and not subjected to further processing that is contrary to those purposes; (3) accurate and adequate in relation to the purposes for which they are processed; (4) stored in a form that allows identification of data subjects for no longer than is necessary to achieve the purpose of processing, and (5) processed in a manner that ensures adequate security of personal data, including protection against unauthorized access or unlawful conduct processing and accidental loss, destruction or damage through appropriate technical or organizational measures.

1.6. Taking into account the nature, scope, context and purposes of the processing, as well as the risk of violating the rights or freedoms of natural persons with varying degrees of probability and severity, the administrator takes appropriate technical and organizational measures to ensure that the processing is carried out comply with this regulation and be able to prove this. These measures are reviewed and updated as necessary. The administrator uses technical measures to prevent unauthorized persons from receiving and changing personal data sent electronically.

1.7. All words, phrases and acronyms that appear in this Privacy Policy and begin with a capital letter (e.g. seller, online store, electronic service) shall be construed as defined in the Online Store Terms and Conditions available on the Website of the online shop are available.


2. PRINCIPLES OF DATA PROCESSING

2.1. The Administrator has the right to process personal data if and to the extent that at least one of the following conditions is met: (1) the data subject has consented to the processing of their personal data for one or more specific purposes; (2) the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures at the request of the data subject; (3) processing is necessary for compliance with a legal obligation imposed on the Administrator; or (4) the processing is necessary for the purposes of the legitimate interests of the Administrator or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. especially when the data subject is a child.

2.2. The processing of personal data by the Administrator requires the occurrence of at least one of the reasons specified in point 2.1 of the Privacy Policy. The specific reasons for the processing of personal data of service recipients and customers of the online store by the Administrator are specified in the next point of the Privacy Policy – in relation to the stated purpose of the processing of personal data by the Administrator.


3. PURPOSE, BASIS AND DURATION OF DATA PROCESSING IN THE ONLINE SHOP

3.1.The purpose, basis and period as well as the recipient of the personal data processed by the Administrator result from the actions of a specific service recipient or customer in the online store or by the Administrator.

3.2. The administrator may process personal data within the framework of the online store for the following purposes on the basis and within the periods specified in the table below:


Purpose of data processing


Legal basis for processing and period
data storage

 


Scope of processed data
Execution of the contract of sale or contract for the provision of electronic services or taking measures at the request of the data subject before entering into the above contractsArticle 6 paragraph 1 lit.(b) of the GDPR Regulation (performance of a contract) – the processing is necessary to perform the contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into the contract.The data will be stored for the period necessary to perform, terminate or otherwise terminate the concluded sales contract or contract for the provision of electronic services.
Direct marketingArticle 6 paragraph 1 lit.(f) of the GDPR provisions (legitimate interests of the Administrator) – the processing is necessary for the purposes of the Administrator’s legitimate interests – consisting of safeguarding the interests and good image of the Administrator, its online store and an effort to sell products.The data will be stored for the duration of the Administrator’s legitimate interest, but no longer than the limitation period for the Administrator’s claims against the data subject related to the Administrator’s business activities. The limitation period is based on the law, in particular the Civil Code (the basic limitation period for claims arising from the management of a company is three years, for the purchase contract two years).
In the event of an effective objection by the data subject, the Administrator may not process the data for direct marketing purposes.
MarketingArticle 6 paragraph 1 lit. (a) of the GDPR Regulations (consent) – the data subject has consented to the processing of their personal data for marketing purposes by the Administrator.The data will be stored until the consent of the person concerned to the further processing of his data for this purpose is revoked.
Customer’s opinion on the concluded purchase contractArticle 6 paragraph 1 lit. a) GDPR – the data subject has consented to the processing of their personal data for the purpose of expressing their opinion.The data will be stored until the consent of the person concerned to the further processing of his data for this purpose is revoked.
AccountingArticle 6 paragraph 1 lit. c) of the GDPR regulation in conjunction with joke. 74 sec. 2 of the Accounting Act, i.e. of January 30, 2018 (Journal of Laws of 2018, item 395) – the processing is necessary to fulfill the legal obligation incumbent on the Administrator.The data will be stored for the period required by law, which obliges the administrator to keep business records (5 years, counted from the beginning of the year following the financial year to which the data relates).
Determining, investigating or defending any claims that the Administrator may have or that may be brought against the AdministratorArticle 6 paragraph 1 lit. f) provisions of the GDPR (legitimate interest of the Administrator) – the processing is necessary for the purposes of the legitimate interest of the Administrator – consisting of establishing, investigating or defending claims made by or against the Administrator can be collected by the administrator.The data will be stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims that may be brought against the Administrator (the basic limitation period for claims against the Administrator is six years).
Using the online store website and ensuring its proper operationArticle 6 paragraph 1 lit. f) GDPR regulations (legitimate interest of the administrator) – processing is necessary for purposes arising from the legitimate interests of the administrator – consisting of operating and maintaining the website of the online store.The data will be stored for the duration of the Administrator’s legitimate interest, but no longer than the limitation period for the Administrator’s claims against the data subject related to the Administrator’s business activities. The limitation period is based on the law, in particular the Civil Code (the basic limitation period for claims arising from the management of a company is three years, for the purchase contract two years).
Keeping statistics and analyzing traffic in the online storeArticle 6 paragraph 1 lit. f) GDPR provisions (legitimate interest of the administrator) – processing is necessary for purposes arising from the legitimate interests of the administrator – consisting of keeping statistics and analyzing traffic in the online Shop to improve the functioning of the online store and increase the sale of products.Keeping statistics and analyzing traffic in the online store Article 6 paragraph 1 lit. f) GDPR provisions (legitimate interest of the administrator) – processing is necessary for purposes arising from the legitimate interests of the administrator – consisting of keeping statistics and analyzing traffic in the online Shop to improve the functioning of the online store and increase the sale of products. The data will be stored for the duration of the Administrator’s legitimate interest, but no longer than the limitation period for the Administrator’s claims against the data subject related to the Administrator’s business activities. The limitation period is based on the law, in particular the Civil Code (the basic limitation period for claims arising from the management of a company is three years, for the purchase contract two years).

4. DATA RECEIVER IN THE ONLINE SHOP

4.1. For the proper functioning of the Online Store, including the implementation of concluded sales contracts, it is necessary for the Administrator to use the services of external companies (such as software providers, courier or payment service providers). The Administrator only uses the services of such processing companies that provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing complies with the requirements of the GDPR Regulation and protects the rights of the data subjects.

4.2. Personal data may be transferred to a third country by the Administrator, and the Administrator will ensure that in such a case this is done with respect to the country that ensures an adequate level of protection – in accordance with the GDPR Regulation and in the case of other countries, that the transmission takes place on the basis of standard data protection clauses. The administrator ensures that the data subject has the opportunity to receive a copy of their data. The administrator provides the collected personal data only in the case and to the extent necessary to achieve a specific purpose of data processing in accordance with this Privacy Policy.

4.3. The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients specified in the Privacy Policy – the Administrator provides data only if this is necessary to achieve a specific purpose of processing personal data and only to the extent necessary to do so. For example, if the customer uses personal collection, their data will not be transmitted to the carrier cooperating with the administrator.

4.4. Personal data of service recipients and customers of the online store may be transmitted to the following recipients or categories of recipients:

4.4.1. Forwarders / forwarders / courier brokers – in the case of a customer using the online store with the method of shipping the product by mail or courier, the Administrator provides the collected personal data of the customer to the selected forwarder, carrier or intermediary carrying out shipments Administrator’s request to the extent necessary to complete the delivery of the Product to the Customer.

4.4.2. Entities performing electronic payments or payment cards – in the case of a Customer using the Online Store using the method of electronic payment or payment card, the Administrator provides the collected personal data of the Customer to the selected entity performing the above payments in the Internet handles store at the request of the administrator to the extent necessary to process the payments made by the customer.

4.4.3. Creditors / lessors – in the case of a customer using the online store with the payment method in installments or lease payments, the administrator provides the collected personal data of the customer to the selected lender or lessor, who handles the above payments in the online store Administrator’s request, insofar as this is necessary to process payments from the customer.

4.4.4. Provider of the opinion polling system – in the case of a Customer who has agreed to express an opinion on the concluded Purchase Agreement, the Administrator provides the Customer’s collected personal data to the selected entity that provides the polling system in which opinions on the concluded Purchase Agreement are expressed Online store at the request of the administrator to the extent necessary for the customer to express an opinion on the use of the opinion polling system.

4.4.5. Service providers who provide the Administrator with technical, IT and organizational solutions that enable the Administrator to conduct business, including the online store and electronic services provided through it (in particular providers of computer software for operating the online store, E -mail and hosting providers and providers of management software and providing technical support to the Administrator) – the Administrator provides the collected personal data of the Client to a selected provider acting on his behalf only in the event and to the extent to to achieve a specific purpose of data processing in accordance with this data protection declaration.

4.4.6. Providers of accounting, legal and consulting services providing the Administrator with accounting, legal or consulting support (in particular an accounting office, law firm or debt collection agency) – the Administrator provides the collected personal data of the Customer to a selected supplier operating in on its behalf, the contract only acts in the case and to the extent necessary to fulfill the stated purpose of the data processing in accordance with this data protection declaration.


5. PROFILING IN THE ONLINE STORE

5.1. The GDPR Regulation imposes on the Administrator the obligation to inform about the automated decision-making, including profiling, pursuant to Art. 22 sec. 1 and 4 of the GDPR Regulation and – at least in these cases – relevant information about the rules for their collection, as well as about the Importance and likely consequences of such processing for the data subject. With this in mind, the administrator provides information on possible profiling in this section of the privacy policy.

5.2. The Administrator may use profiling for direct marketing purposes in the Online Store, but decisions made on its basis by the Administrator do not affect the conclusion or refusal to conclude a Purchase Agreement or the ability to use electronic services in the Online Store. The use of profiling in the online store can consist, for example, of granting a discount to a specific person, sending him a discount code, reminding him of uncompleted purchases, sending a product suggestion that could match the interests or preferences of a specific person, or to offer better conditions compared to the standard offer of the online shop. Despite profiling, the person decides freely whether they want to take advantage of the discount they receive or better conditions and shop in the online store.

5.3. Profiling in the online store consists in automatically analyzing or predicting the behavior of a specific person on the website of the online store, e.g. adding a specific product to the shopping cart, browsing the page of a specific product in the online store or analyzing previous history of purchases made in the online shop. A prerequisite for such profiling is that the administrator has the personal data of a specific person in order to be able, for example, to send him a discount code.

5.4. The data subject has the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning them or similarly significantly affects them.


6. RIGHTS OF THE DATA SUBJECT

6.1. The right to access, rectification, restriction, erasure or portability – the data subject has the right to request the Administrator to access their personal data, rectify them, erase them (“the right to be forgotten”) or limit processing and has the right to object to the processing and has the right to portability of his data. Detailed conditions for exercising the above rights are set out in Art. 15-21 of the GDPR Regulation.

6.2. The right to withdraw consent at any time – a person whose data is processed by the Administrator on the basis of consent (pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR), he has the right to revoke consent at any time without affecting the legality of the processing carried out on the basis of the consent up to the time of revocation.

6.3. The right to lodge a complaint with the supervisory authority – the person whose data is processed by the Administrator has the right to lodge a complaint with the supervisory authority in the manner established by the provisions of the GDPR and, in particular, by Polish law Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.

6.4. Right to object – the data subject has the right, for reasons arising from their particular situation, to object at any time to the processing of personal data relating to them on the basis of Art. 6 sec. 1 lit. e) (public interest or tasks) or f) ( legitimate interest of the administrator), including profiling based on these regulations. In this case, the administrator may no longer process such personal data, unless he proves that there are valid legally justified grounds for processing that outweigh the interests, rights and freedoms of the data subject, or grounds for assertion, investigation or defense of claims.

6.5. The right to object to direct marketing – where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for the purposes of such marketing, including profiling to the extent to which the Processing is related to such direct marketing.

6.6. To exercise the rights referred to in this point of the Privacy Policy, you can contact the Administrator by sending a message to that effect in writing or by email to the Administrator’s address given at the beginning of the Privacy Policy, or by using the contact form on the website of the Online -Stores available.


7. ONLINE STORE COOKIES AND ANALYZES

7.1. Cookie files (cookies) are small pieces of text information in the form of text files sent from the server and stored on the side of the person who visits the website of the online store (e.g. on the hard drive of a computer, laptop or on the memory card). a smartphone – depending on which device is used when visiting our online shop). Detailed information on cookies and their history can be found here, among other things: https://en.wikipedia.org/wiki/HTTP_cookie.

7.2. Cookies that can be sent from the website of the online store can be divided into different types according to the following criteria:

Due to their supplier:Due to their storage duration on the device of the person visiting the online store website:Due to the intended use:

1) own (created by the administrator’s online store website) and

2) owned by third parties/organizations (other than the admin)

1) session cookies (stored until you log out of the online store or turn off the web browser) and

2) permanent (saved for a certain time defined by the parameters of each file or until manually deleted)

1) necessary (to allow the online store website to function properly),
2) functional/preferred (enabling customization of the online store website to the preferences of the person visiting the site),
3) analytical and performance cookies (collection of information on the use of the online store website),
4) Marketing, advertising and social (collecting information about a person visiting the online store website in order to display personalized advertisements to that person and conduct other marketing activities, including on websites separate from the online store website, such as social networks

7.3. The administrator can process the data contained in cookies when visitors use the online store website for the following specific purposes:

Purpose of using cookies in the online store AdministratorIdentification of service recipients who are logged in to the online shop and indication that they are logged in (essential cookies)
Remembering products added to cart to place an order (required cookies)
Saving data from completed order forms, surveys or login details for the online shop (essential and/or functional/preferred cookies)
Adjusting the content of the Online Store website to the individual preferences of the Service Recipient (e.g. in terms of colors, font size, page layout) and optimizing the use of the Online Store websites (functional/preference cookies)
Keeping anonymous statistics showing how the online store website is used (statistics cookies)
Displaying and displaying advertisements, limiting the number of advertisements shown and ignoring advertisements that the Service Recipient does not want to see, measuring the effectiveness of advertisements and personalizing advertisements, d. H. Studying the behavior of people who visit the online store, through anonymous analysis of their activities (e.g. repeated visits to certain websites, keywords, etc.) in order to create their profile and show them advertising tailored to their likely interests, too when you visit other websites in the Google Ireland Ltd. advertising network. and visit Facebook Ireland Ltd. (Marketing, Advertising and Social)

7.4. Checking which cookies (including the lifetime of cookies and their provider) are currently being sent from the online store website is possible in the most common web browsers in the following way:

In the Chrome browser:
(1) Click on the padlock symbol in the address bar on the left, (2) Go to the “Cookies” tab.
In Firefox:
(1) Click on the shield icon in the address bar on the left, (2) go to the “Allowed” or “Blocked” tab, (3) click on “Cross-site tracking cookies”, “Social tracker”. networks”. ” or “tracker content”
In Internet Explorer:
(1) click the Tools menu, (2) go to the Internet Options tab, (3) go to the General tab, (4) go to the Settings tab, (5 ) click the “View Files” box.
In the Opera browser:
(1) Click on the padlock symbol in the address bar on the left, (2) Go to the “Cookies” tab.
In Safari:
(1) click on the “Settings” menu, (2) go to the “Privacy” tab, (3) click on the “Manage Site Data” box.
Regardless of the browser, with the available tools, e.g. at: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/e

7.5. By default, most web browsers on the market accept cookies by default. Everyone has the opportunity to set the conditions for the use of cookies through the settings of their own web browser. This means that, for example, you partially restrict the option to save cookies (e.g. possible to complete the order path via the order form, since you do not remember the products in the shopping cart during the next steps of the order).

7.6. The web browser settings in the cookies section are important in terms of consent to the use of cookies by our online store – according to the regulations, this consent can also be expressed through the web browser settings. Detailed information on how to change the settings for cookies and how to remove them yourself in the most popular web browsers can be found in the web browser’s help section and on the following websites (just click on the link):

in Chrome browser
in Firefox
in Internet Explorer
in Opera browser
in Safari browser
in the Microsoft Edge browser

7.7. The Administrator can use Google Analytics and Universal Analytics services in the Google Ireland Limited online store (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the administrator to keep statistics and analyze traffic in the online store. The collected data is processed as part of the above services to compile statistics useful in managing the online store and analyzing traffic in the online store. This data is aggregated. The administrator using the above services in the online store collects data such as sources and means of attracting visitors to the online store and the way they behave on the website of the online store, information about devices and browsers, from from which they visit the website, IP and domain, geographical data and demographic data (age gender) and interests.

7.8. It is possible for a specific person to easily block the sharing of information with Google Analytics about their activities on the online store website – for this purpose you can, for example, use a browser add-on from Google Ireland Ltd. Install which is available here:
https://tools.google.com/dlpage/gaoptout?hl=pl.

7.9 Due to the administrator’s ability to use Google Ireland Ltd. To use the advertising and analytics services provided in the online store, the Administrator draws attention to the fact that complete information on the rules of processing data of people visiting the online store (including information stored in cookies) is provided by Google Ireland Ltd . can be found in the data protection declaration of Google services at the following address: https://policies.google.com/technologies/partner-sites.


8. FINAL PROVISIONS

8.1. The online shop may contain links to other websites. The administrator recommends that you read the privacy policy set out there after visiting other websites. This Privacy Policy applies only to Administrator’s online store.