Privacy Policy

Privacy policy concerns all aspects of personal data processing on the website (hereinafter referred to as "SERVICE"), operated by the company Wonderberry Sp. z o.o. with its registered office at 34 Tamka Street, 00-355 Warsaw, hereinafter referred to as "ADMINISTRATOR". Supervision over data processing and protection is exercised by the Data Protection Officer (hereinafter DPO), who can be contacted via email at: iod@moodscentbar.com.

PERSONAL DATA

Personal data of SERVICE users are processed in the following situations:

  1. registration and account management of the User in the online store operated by the Administrator;
  2. sending messages to email addresses provided by the ADMINISTRATOR;
  3. storing and storing files (so-called cookies) in the memory of the device used by the User to browse the SERVICE. Cookies allow the identification of Users during subsequent visits to the SERVICE, but do not allow the ADMINISTRATOR to identify the specific individual using the device at a given time – details of this processing are described in the Cookie Policy below;
  4. storing Newsletter Subscribers, identified by email address, in the database and sending them an informational bulletin – details of this processing are described in the Newsletter Regulations below;
  5. sending messages to email addresses provided by the ADMINISTRATOR; User

In each of the above cases of using the SERVICE, your personal data will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR; OJ EU L. from 2016 No. 119, p. 1 as amended). The ADMINISTRATOR ensures that it protects your data in accordance with applicable law and information security standards, in particular the SERVICE communication when displayed on the user's device with the server is carried out using an SSL encryption protocol, which makes logging into the SERVICE fully secure. The basis and purpose of processing your personal data depend on the processing situation, as described in more detail in the respective sections below.



REGISTRATION IN THE SERVICE

  1. People who register on the Website are asked to provide data necessary to create and manage an account. To facilitate User service, additional data may be provided, thereby consenting to their processing. Such data can be deleted at any time. Providing data marked as mandatory is required to create and manage an account, and failure to do so will result in the inability to create an account. Providing other data is voluntary.
  2. Personal data is processed to provide services related to the operation and management of an account on the SERVICE – the legal basis for processing is the necessity of processing for the performance of a contract (Art. 6(1)(b) GDPR);



PLACING ORDERS

  1. Placing an order (purchase of goods) by the User of the SERVICE involves processing their personal data. Providing data marked as mandatory is required to accept and process the order, and failure to do so will result in the order not being fulfilled. Providing other data is optional.
  2. Personal data is processed:
  • for the purpose of fulfilling the placed order – the legal basis for processing is the necessity of processing for the performance of a contract (Art. 6(1)(b) GDPR);
  • for the purpose of fulfilling legal obligations imposed on the Administrator, arising in particular from tax and accounting regulations – the legal basis for processing is a legal obligation (Art. 6(1)(c) GDPR);
  • for the purpose of any establishment and pursuit of claims or defense against claims – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), consisting in protecting its rights.



EMAIL COMMUNICATION

The purpose of processing data of Users sending electronic messages to email addresses provided by the ADMINISTRATOR is to respond to the submitted message or to present the Administrator's product offer, based on consent expressed by sending the message, in accordance with Art. 6(1)(a) GDPR, later the data may also be processed for purposes other than SERVICE, about which the User will be appropriately informed.



WHO HAS ACCESS TO YOUR PERSONAL DATA?

Recipients of your data may include persons cooperating within the organizational structure of the ADMINISTRATOR and entities processing data on behalf of the ADMINISTRATOR, based on concluded personal data processing agreements. Implemented Google Analytics plugins cause data regarding the use of our website to be transferred to the service provider, i.e., Google LLC, outside the European Economic Area. The data transfer takes place to the United States, where under certain national security programs, U.S. public authorities may access your data.

In accordance with the decision of the European Commission, the United States ensures an adequate level of protection of personal data in accordance with EEA standards. The Commission's decision against the USA covers companies participating in the Data Privacy Framework program, including Google Analytics.



How long do we store your personal data? The storage period depends on the processing situation:

  1. the storage time of cookies on the User's device depends on their type and the User, as described in detail in the Cookie Policy;
  2. storing the email address of the Newsletter Subscriber ends when they withdraw their consent to their processing in a documented manner – the standard way to withdraw consent is described in the Newsletter Regulations below;
  3. data sent via email will be stored until consent is withdrawn or the limitation period expires;
  4. personal data processed in the case of orders are processed until their completion, the expiry of the deadlines specified in tax and accounting regulations, and until the expiration of claims;
  5. personal data processed in the case of registration in the SERVICE are processed until instructions are given to delete the account, which can be done by sending an email to kontakt@moodscentbar.com.



RIGHTS OF SERVICE USERS UNDER GDPR

You have (subject to the basis of processing) the right to access your data and receive copies thereof, the right to rectify (correct) your data, the right to request deletion of data, the right to request restriction of data processing SERVICE by the User. Cookies are small text files that are stored on the User's device, allowing the identification of the User when revisiting the SERVICE. They allow, among others, the use of some functionalities and proper adjustment of displayed content to the User's preferences. More information about cookies can be found in the Cookie Policy available on the SERVICE website.



CHANGES TO THE PRIVACY POLICY

The ADMINISTRATOR reserves the right to change this Privacy Policy at any time, especially due to technological changes, changes in data processing practices, or new legal regulations. The current Privacy Policy is always available on the SERVICE website. We recommend regularly checking for any updates.



CONTACT

If you have any questions regarding the Privacy Policy or the processing of personal data, please contact us via email at iod@moodscentbar.com or by mail at the address: Mood Scent Bar Sp. z o.o., 33 Tamka Street, 00-355 Warsaw.