Privacy policy
This Privacy Policy outlines how Gotyka ("Site" and any inflections of the personal pronoun "we") collects, uses, and discloses the personal information of the User who visits the site or uses our services from the site or makes a purchase on the site at gotyka.com ("Site") or otherwise communicates with us in connection with the Site (collectively, the "Services"). For the purposes of this Privacy Policy, the term "User" means the user of the Services, whether they are a customer, a visitor to the website, or another individual whose information we collect in accordance with this Privacy Policy.
The administrator of personal data is AETERNITAS VISION SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Krakow, ul. Gustawa Ehrenberga 36, 31-309 Kraków.
Registration data:
NIP: 9452299663
REGON: 529784058
KRS: 0001130217
Please read this Privacy Policy carefully.
Changes to this Privacy Policy
We may update this Privacy Policy, including to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the updated Privacy Policy on the Site, update the "Last Updated" date of this Privacy Policy, and take any other steps required by applicable law.
Collection and Use of User Personal Information
To provide the Services, we collect and have collected over the past 12 months personal information about the User from various sources described below. The information we collect and use varies depending on how the User interacts with us.
In addition to the specific uses described below, we may use the information collected about the User to communicate with the User, provide or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and protect or defend the Services, our rights, and the rights of our users or others.
Personal Information Collected
The types of personal information we obtain about the user depend on how the User interacts with the Site and uses our Services. "Personal information" means information that identifies, relates to, describes, or can be associated with the User. The sections below describe the categories and specific types of personal information we collect.
Information Collected Directly from the User
Information provided to us directly by the User through our Services may include:
- Contact details, including the User's name, address, phone number, and email address.
- Order information, including the User's name, billing address, shipping address, payment confirmation, email address, and phone number.
- Account information, including username, password, security questions, and other information used for the security of the User's account.
- Customer service information, including information the User provides in communications with us, for example, when sending a message through the Services.
Some features of the Services may require the User to directly provide us with certain information about the User. The User is not required to provide such information, but this may prevent them from using or accessing these features.
Collection of Usage Information
We may also automatically collect certain information about the User's interaction with the Services ("Usage Data"). For this purpose, we may use cookies, pixels, and similar technologies ("Cookies"). Usage Data may include information about the User's use of and access to the Site and the User's account, including device information, browser information, network connection information, IP address information, and other information regarding the User's interaction with the Services.
Information Obtained from Third Parties
We may also obtain information about the user from third parties, including from vendors and service providers who may collect information on our behalf, such as:
- Companies that operate the Site and Services, e.g., Shopify.
- Our payment processors, who collect payment information (e.g., bank account, credit or debit card information, or billing address) to process the User's payments for the User's orders and to deliver products or services the User has ordered, to fulfill our contractual obligations to the User.
- When the User visits the Site, opens or clicks on emails sent by us, or interacts with the Services or our advertisements, certain information may be automatically collected by us or third parties we work with using online tracking technologies, such as pixels, web beacons, software developer kits, third-party libraries, and cookies.
Any information we obtain from third parties will be processed in accordance with this Privacy Policy. See also the section below titled Third-Party Websites and Links.
Use of User Personal Information
- Providing Products and Services. We use the User's personal information to provide the User with the Services, perform our contract with the User, including processing the User's payments, fulfilling the User's orders, sending the User notifications related to their account, purchases, returns, exchanges, or other transactions, creating and maintaining the User's account, and otherwise managing that account, facilitating shipping, facilitating returns and exchanges, and using other features related to the User's account.
- Marketing and Advertising. We may use the User's personal information for marketing and promotional purposes, such as sending marketing, advertising, and promotional communications by email, text message, or mail, and displaying advertisements for products or services. This may include using the User's personal information to better tailor the Services and advertisements on the Site and other websites. If the User is a resident of the European Economic Area (EEA), the legal basis for these processing activities is our legitimate interest in selling our products, in accordance with Art. 6(1)(f) GDPR.
- Security and Fraud Prevention. We use the User's personal information to detect, investigate, or take appropriate action regarding potential fraudulent, illegal, or malicious activities. If the User chooses to use the Services and registers an account, they are then responsible for keeping their account credentials secure. We strongly recommend that the User does not share their access credentials, including username and password, with anyone. If the User believes their account has been compromised, please contact us immediately. If the User is a resident of the European Economic Area (EEA), the legal basis for these processing activities is our legitimate interest in ensuring the security of our website for the User and other customers, in accordance with Art. 6(1)(f) GDPR.
- Communicating with the User and Service Improvement. We use the User's personal information to provide customer service and improve our Services. It is in our legitimate interest to respond to the User's needs, provide effective services to the User, and maintain business relationships with the User in accordance with Art. 6(1)(f) GDPR.
Cookies
Our Site, like many other websites, uses cookies. More information about the Cookies used by us in connection with the operation of our store by Shopify can be found at https://www.shopify.com/legal/cookies. We use Cookies to be able to provide and improve the Site and Services (including remembering the User's actions and preferences), conduct analysis, and better understand the User's interactions with the Services (in our legitimate interest related to administering the Services and improving and optimizing them). Furthermore, we may permit third parties and service providers to use cookies on the Site to better tailor services, products, and advertisements on the Site and other websites.
Most browsers automatically accept cookies by default, but the User can set their browser to delete or reject Cookies using the browser controls. Please note that deleting or blocking Cookies may negatively impact the User's experience and may cause some Services, including certain features and general functionality, to work incorrectly or become unavailable. Furthermore, blocking Cookies may not fully prevent us from sharing information with third parties, such as our advertising partners.
Our website also recognizes the GPC (Global Privacy Control) signal, which allows the User to opt out of certain uses or disclosures of the User's information. If the User notifies us of their preferences via GPC, we will treat the signal as a valid request to opt out of sharing/targeted advertising for the relevant browsers or devices, and if we are able to link the device sending that signal to a Shopify account, we will apply that opt-out request to that account as well. More information about Global Privacy Control can be found at https://globalprivacycontrol.org/. We do not recognize "Do Not Track" signals that may be sent from the User's web browsers or devices other than Global Privacy Control signals.
Disclosure of Personal Information
Under certain circumstances, we may disclose the User's personal information to third parties for purposes related to contract performance, for lawful purposes, and for other reasons subject to the provisions of this Privacy Policy. These circumstances may include disclosing personal information:
- To vendors or other third parties that provide services on our behalf (e.g., IT management services, payment processing, data analysis, customer service, cloud storage, fulfillment, and shipping).
- To business and marketing partners to provide services and display advertisements to the User. Our business and marketing partners will use the User's information in accordance with their own Privacy Policy.
- When the User instructs us to disclose or otherwise consents to our disclosure of certain User information to third parties, e.g., for shipping the User's products or in connection with the User's use of social media widgets or login integrations, with the User's consent.
- To our affiliates or otherwise within our corporate group, in our legitimate interest in running a successful business.
- In connection with a business event, such as a merger or bankruptcy, to comply with all applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.
Over the past 12 months, we have disclosed the following categories of personal information and sensitive personal information regarding users for the purposes outlined above in the sections "How We Collect and Use User Personal Information" and "How We Disclose Personal Information":
| Category | Categories of Recipients |
|---|---|
|
|
We do not use or disclose the User's sensitive personal information without their consent or to infer characteristics about the User.
With the User's consent, we share personal information for advertising and marketing activities as follows.
We have "sold" and "shared" (as those terms are defined in applicable law) personal information over the past 12 months for advertising and marketing activities as follows.
| Category of Personal Information | Categories of Recipients |
|---|---|
| Identifiers, e.g., name, email address, and phone number | Business and marketing partners |
| Commercial information, e.g., records of products or services purchased | Business and marketing partners |
| Usage Data | Business and marketing partners |
Third-Party Websites and Links
The Site may contain links to websites or other online platforms operated by third parties. If the User uses these links to visit websites that are not our affiliate partners / affiliated entities, the User should review the privacy and security policies and other applicable terms in force on those websites. We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness, or reliability of information found on these sites. Information posted by the User in public or semi-public spaces, including information shared by the User on third-party social media platforms, may also be visible to other users of the Services or those platforms without limitations on its use specified by us or the third party. The inclusion of such links by us does not imply any endorsement of the content on such platforms or their owners or operators, unless specified within the Services.
Children's Data
The Services are not intended for use by children, and we do not knowingly collect any personal information from children. If the User is a parent or guardian of a child who has provided us with their personal information, they can contact us using the details below to request its deletion.
As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under the age of 16.
Security and Retention of User Information
Please note that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." Furthermore, any information transmitted to us by the User may not be secure during transmission. We recommend avoiding the use of unsecured channels to send us confidential or sensitive information.
The length of time we retain the User's personal information depends on various factors, such as whether we need the information to operate the User's account, provide the Services, fulfill legal obligations, resolve disputes, or enforce other relevant contracts and policies.
User Rights
Depending on the User's place of residence, they may be entitled to some or all of the rights listed below regarding their personal information. However, these rights are not absolute and may only apply in specific circumstances, and, if permitted by law, we may deny the User's request.
- Right to Know / Right to Access Personal Information. The User may have the right to request access to the personal information we hold about them, including information about how the User's information is used and disclosed by us.
- Right to Deletion of Personal Information. The User may have the right to request the deletion of the User's personal information stored by us.
- Right to Correction of Personal Information. The User may have the right to request the correction of inaccurate personal information about the User that we hold.
- Right to Portability of Personal Information. The User may have the right to receive a copy of the User's personal information held by us and to request that it be transmitted to a third party, under specific circumstances and with specific exceptions.
- Right to Opt-Out of Sale, Sharing, or Targeted Advertising. The User may have the right to direct us not to "sell" or "share" the User's personal information or to opt out of the processing of the User's personal information for purposes considered "targeted advertising," as defined in applicable privacy laws. Please note that if the User visits the Site with a GPC opt-out preference signal enabled, then depending on the User's location, we will automatically treat that signal as a request to opt out of "selling" or "sharing" information for the device and browser the User uses to visit the Site.
- Restriction of Processing. The User may request that we stop or restrict the processing of the User's personal information.
- Withdrawal of Consent. Whenever we require consent to process the User's personal information, the User may have the right to withdraw that consent.
- Appeal. If we deny the User's request, the User may have the right to appeal our decision. To do so, the User should respond directly to our denial.
- Managing Communication Preferences. We may send the User promotional emails, and the User can opt out of receiving them at any time by using the unsubscribe option provided in our emails. If the User opts out, we may still send them non-promotional emails, such as emails about the User's account or orders.
The User can exercise any of these rights where indicated on the Site or by contacting us using the contact details provided below.
We will not discriminate against the User for exercising any of these rights. Before providing a substantive response to a request, we may need to collect information from the User (e.g., email address or account information) to verify their identity. In accordance with applicable law, the User may designate an authorized agent to submit a request on the User's behalf to exercise the User's rights. Before accepting such a request from an agent, we will require the agent to provide proof that they have been authorized to act on the User's behalf, and we may also require the User to verify their identity directly with us. We will respond to the User's request in a timely manner, as required by applicable law.
Complaints
If you have complaints about how we process your personal information, please contact us using the contact details provided below. If the User is not satisfied with our response to their complaint, then depending on their place of residence, they may have the right to appeal our decision (by contacting us using the contact details below) or to lodge a complaint with the relevant local data protection authority. A list of relevant data protection supervisory authorities in the EEA can be found here.
International Users
Please note that we may transfer, store, and process the User's personal information outside of their country of residence. The User's personal information is also processed by staff, external service providers, and partners in these countries.
If we transfer the User's personal information outside of Europe, we will rely on recognized data transfer mechanisms, such as the European Commission's Standard Contractual Clauses or any equivalent documents adopted by the relevant authority in the United Kingdom, unless the data is transferred to a country that has been deemed to provide an adequate level of protection.
Contact
For any questions about our privacy practices or this Privacy Policy, or to exercise any of your rights, please contact us by phone or email at contact@gotyka.com or write to us at Gustawa Ehrenberga 36, Kraków, 31-309, PL.
For the purposes of applicable data protection laws and unless otherwise stated, we are the controller of the User's personal information.
