PRIVACY POLICY

This Privacy Policy applies to the processing and protection of Users' personal data in connection with their use of the www.warsawsaints.com website.

Our overriding objective is to ensure that the Service Users' privacy is protected at a level that is at least equivalent to the standards set out in the applicable legislation, in particular the Act of 18 July 2002 on the provision of electronic services, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR.

Anyone who uses the Website remains anonymous until they decide to reveal their identity. The Data Controller processes personal data on the basis of, inter alia, consent, where consent should also be understood as the ticking of the relevant box or any other behaviour that clearly indicates acceptance of the proposed processing. 

The Administrator's website and services are not intended for or directed at children under the age of 18.

If you do not accept the contents of this Policy immediately cease using the Service.

I. Definitions

• Website - the website on the domain warsawsaints.com, made available by the Service Provider to provide certain services, content or functions to Users;
• Administrator - the administrator of the personal data, i.e. Andriy Grinchak conducting business activity under the name Warsaw Saints Andriy Grinchak, Adama Branickiego 9 lok 73, 02-972 Warsaw, registered in the Central Register and Information on Business Activity conducted in the information and communication system by the minister responsible for economy, under the number NIP: 1230849981, REGON: 142496229;
• User - a natural person with full legal capacity who uses the Website Services;
• GDPR- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC;
• Personal data (or "data") - any information relating to an identified or identifiable natural person;
• President of the Office for the Protection of Personal Data ("PUODO") - the data protection authority overseeing compliance with data protection legislation;
• Identifiable natural person - a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social characteristics; information shall not be considered to identify a person if this would involve unreasonable expense, time or effort;
• Data processing - any operation performed on personal data, such as collection, recording, storage, elaboration, alteration, sharing and deletion, and in particular those operations performed in computer systems,
• Purpose of processing - to determine for what purpose personal data is collected and processed;
• Consent - The User's voluntary, informed and unambiguous consent to the processing of his/her personal data for a specific purpose;
• Right of access - the User's right to obtain information about the personal data processed and its source;
• Right to rectification - the User's right to correct inaccurate or outdated personal data;
• Right to erasure (right to be forgotten) - the User's right to request the erasure of his/her personal data, subject to certain conditions;
• Right to data portability - the User's right to receive their personal data in a transferable form to another service provider.

For definitions not covered above, the definitions and terms set out in the Shop Rules shall apply accordingly.

II. Who is the Controller of my personal data?

The administrator of your personal data is Andriy Grinchak conducting business activity under the name Warsaw Saints Andriy Grinchak, ul. Adama Branickiego 9 lok 73, 02-972 Warsaw, entered into the Central Register and Information on Business Activity conducted in the ICT system by the minister responsible for economy, under the number NIP: 1230849981, REGON: 142496229;

You can contact us about your personal data at e-mail: hello@warsawsaints.com or telephone number: +48 793 615 617.

 III. The legal basis and purposes of data processing depend on the type of Services you use:

The periods indicated in the table above are counted from the end of the year in which the Administrator started the data processing in order to facilitate the technical process of controlling these periods. After this time, the personal data shall be permanently destroyed or deleted, unless the obligation to continue storing them arises from applicable legislation.

IV. With whom do we share your personal data?

The controller may transfer your personal data to the following categories of recipients:

• payment service providers depending on the selected payment method (AutoPay S.A. with its registered office in Sopot (online transfer and payment card), Apple Inc. (Apple Pay), Google LLC (Google Pay), Polski Standard Płatności sp. z o.o. with its registered office in Warsaw (BLIK), PayPo Sp. z o.o. with its registered office in Warsaw (PayPo), PayPal (Europe) S.à r.l.et Cie, S.C.A. (PayPal), the bank chosen by the Buyer (traditional transfer);
• the company providing technical and IT support, including website and email hosting (Google LLC, Shoper S.A. based in Krakow);
• the company providing the newsletter dispatch system (GetResponse S.A.based in Gdansk);
• company providing accounting support;
• a company providing tools for the analysis of statistics and analytical tools tracking traffic on the Website - Google Analytics Google Ads, Google Tag Manager, Merchant Google Center, DoubleClick (Google LLC), Facebook Pixel (Meta Platform Inc.), Hotjar (Hotjar Ltd.), Shoper (Shoper S.A. based in Krakow);

All external parties may only use your data for the purpose of providing the service in question. All persons who have access to your data must process it with care and comply with applicable laws and regulations. We do not pass on your data to third parties for commercial purposes and we do not sell your data to other companies.

The Service may provide personal data to authorised authorities, tax authorities and/or law enforcement agencies if required by law.

V. Transfer of data to third countries

The controller transfers your personal data outside the EEA only when necessary and resulting from the use of international companies.  Service providers are obliged to provide the same level of protection and use appropriate legal mechanisms to ensure the protection of personal data, such as, for example, binding corporate rules adopted by the competent supervisory authority or other international certification standards or standard contractual clauses defined by the European Commission.

The aforementioned companies guarantee compliance with data protection standards analogous to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. The Service's use of their technology in processing personal data remains lawful.

For more information on the transfer of data outside the EEA, see: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_pl

VI. User rights

1. The user has the right to request from the Administrator:

• access to his or her personal data - any person exercising this right has the right to be informed whether and what information is processed about him or her by the Administrator and to obtain a free copy of the data,
• rectification of data - any person exercising this right has the right to request the rectification of his or her data or their completion,
• restriction of processing - any person exercising this right has the right to restrict the processing of their data where the accuracy of the data and the lawfulness or necessity of the processing is contested and to object.
• withdrawal of consent to data processing - any person exercising this right has the right to withdraw previously given consent to the processing of data for the purposes specified in the consent. Consent is not retroactive which means that the processing of data prior to the withdrawal of consent remains legal. Please note that the above entitlement only applies to data processing based on the User's consent.
• to object - any person exercising this right will be able to object to the processing of his/her data based on the legitimate interest of the Controller,
• data portability-any person exercising this right will be able to request the transfer of his/her data in pdf format to the designated Controller.

2. In addition to the rights indicated above, any person whose data is being processed has the right to lodge a complaint with the President of the Office for Personal Data Protection if he/she considers that his/her data is being processed contrary to the applicable regulations. The complaint shall be submitted to the President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw, or using the form on the website: https://uodo.gov.pl/.
3. The rights set out in para. 1 can be exercised by contacting us using the contact details, i.e. e.g. email: hello@warsawsaints.com The Administrator will exercise the rights by contacting the Administrator's e-mail address within a maximum of 30 days of receiving the request. If, due to the special nature or complexity of the case, it will not be possible to do it within 30 days, the Administrator will execute the rights within the following month and will immediately inform the entitled person about the extension of the deadline.
4. In order to ensure security, we reserve the right to provide certain information known to us. By using such a process, we can verify that it is indeed the data subject.
5. The Administrator shall be entitled to refuse to exercise the rights indicated above only if it is in accordance with the law and on grounds overriding the interests of the right holder. The Administrator shall each time inform the authorised person of the reasons for refusal to execute the request.

 VII. Automated decision-making, profiling

The Administrator analyses Users' personal data by analysing traffic on the Website, history of activity on the Website. The analysis of the data does not cause any legal effects or influence the rights and freedoms of the User in any way, and the data are processed only for the purpose of establishing the Users' preferences and adjusting the content and offers created by the Administrator to the Users' preferences.

 VIII. Cookies

1. The Website uses cookies, i.e. small text and number files which are saved by the ICT system in the User's ICT system (on a computer, phone or other device of the User from which the connection with the Website was made while browsing the Website, and enable subsequent identification of the User in the case of a repeated connection with the Website from the device (e.g. computer, phone) on which they were saved.

2. The administrator may use the following types of cookies:

• Temporary cookies exist on your computer only while you are on a particular website - to be more precise, until you close your browser. They allow the Website to remember what customers have chosen on the previous page and are designed to optimise navigation on the Website, e.g. by remembering the settings of a logged-in User, so that the user does not have to re-enter his/her login and password on each sub-page of the Website (no password or login are stored in the "cookie" - only the customer session number, which does not identify the customer's personal data).
• statistical cookies - this type of cookie is used to provide important information about site traffic and how visitors use the site. Google Analytics, Hotjar, among others, are used to collect this data. These cookies are only used to collect statistics on website traffic and to profile the user in order to display tailored material to him/her on advertising networks, in particular the Google network,
• Functional cookies exist on your computer only while you are on a particular website - to be more precise, until you close your browser. They allow the Website to remember what customers have chosen on the previous page, and are designed to optimise navigation on the Website, e.g. by remembering the settings of a user logged into the Website - so that the user does not have to re-enter data on each sub-page of the Website (only the customer session number is stored in the "cookie", which does not identify the customer's personal data),
• essential cookies - installed by the Administrator through the Website in order to provide the Users with the services offered on the Website and to function correctly,
• analytical cookies - this type of cookie is used to provide important information about site traffic and how visitors use the site. These cookies are only used to collect statistics on site traffic and to profile the user in order to display tailored material to them on advertising networks, in particular the Google network,
• marketing cookies - installed by the Administrator or third parties whose services are used by the Administrator in order to adapt the marketing content displayed to the Users' preferences (Facebook Pixel),
• other cookies - other cookies which do not remain essential for the functioning of the Website and which are used by social media.

3. The aforementioned companies guarantee compliance with data protection standards analogous to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. The Service's use of their technology in processing personal data remains lawful.

4. No information constituting personal data of the Service Users is stored in cookies. Cookies are not used to determine the identity of a User. The basis for the use of cookies is the legitimate interest of the Administrator.

5. Cookies are used on the Website with the User's consent.

6. Cookies placed on a Service User's terminal equipment may also be used by advertisers and partners cooperating with the Administrator, and may also be used by advertising networks, in particular the Google network, to display advertisements tailored to the manner in which a user uses the Service. For this purpose, they may retain information about the User's navigation path or the time spent on a particular page.

7. The Administrator analyses the browsing history of the Website and website traffic in an automated manner. The analysis of the data does not have any legal effect on the Users and is only intended to adapt the content presented by the Administrator to the Users' preferences.

8. The User may, at any time, withdraw or change the scope of their previously given consent to the use of cookies on the Website and delete them from their browser.

9. Consent may be given by the User through the appropriate settings of the software, in particular the Internet browser, installed on the telecommunications device used by the User to view the content of the

10. The User may also restrict or disable cookies in his/her browser at any time by setting it in such a way that it blocks cookies or warns the User before a cookie is stored on the device he/she is using to view the content of the Website.

IX. Analytical and marketing tools, social media plug-ins

1. Google Analytics

The website uses an analytics tool known as "Google Analytics," provided by Google LLC. Google Analytics allows us to collect data on the use of the website and to analyse user behaviour. Below you will find relevant information on this subject:

• Purpose of data collection: Google Analytics helps us to understand what pages you visit, how long you stay on our website and what actions you take. This data is used to analyse and improve our website.
• Data processing: Google Analytics may collect information about your device, browser, geographical location and interactions with our website. All data is anonymous and does not identify specific users.
• Privacy protection: Google has its own privacy policies that govern the processing of data within Google Analytics. You can read them on Google's privacy policy page: https://policies.google.com/privacy.
• Data management: If you do not want your data to be collected by Google Analytics, you can use your browser's privacy settings management tools or install a browser add-on to disable Google Analytics.

Google Analytics stores usage data on servers located in the United States. This is important because the US is treated as a third country in the context of European data protection regulations such as the GDPR (the GDPR was in force until my knowledge cut-off date, which is September 2021).

IP address anonymisation: One of the key steps Google Analytics takes to protect user privacy is to anonymise IP addresses. This means that the last octet of the user's IP address is removed or replaced with a random identifier. This keeps the user relatively anonymous and makes it much more difficult to accurately identify the user by IP address.

Google provides mechanisms that allow data, including IP addresses, to be transferred from member states of the European Union and other EEA countries to Google's servers in those same countries, which may help to maintain some consistency with European data protection regulations

2. Facebook Pixel

The service provider uses a tool known as the "Facebook Pixel," which is provided by Facebook, Inc. (now Meta Platforms, Inc.). Facebook Pixel is an analytics tool that helps us understand what actions you take on our website and what content you are most interested in. This allows us to tailor our website and offerings to your needs and provide a better user experience.

We would like to inform you of a few rules regarding the processing of data via Facebook Pixel:

• Type of data collected by Facebook Pixel: Facebook Pixel may collect different types of data, such as information about the pages you view, your activity on our site, your interactions with content, as well as information about the devices you use.
• Purpose of data collection: The data collected through Facebook Pixel are used for analytical, marketing and advertising purposes. They allow us to tailor content and advertising to your preferences and to analyse the effectiveness of our campaigns.
• Data sharing: Data collected by Facebook Pixel may be shared with Facebook, Inc. and its partners. We do not share any personal data, such as your name or email address, without your express consent.
• Managing and disabling Facebook Pixel: If you do not want your data to be collected via Facebook Pixel, you can use the privacy settings management tools in your browser settings or visit the Facebook privacy settings link to disable Pixel.

Data collected via Facebook Pixel may be stored on Meta's (Facebook) servers in the United States. Facebook Pixel also supports data anonymisation to protect user privacy

3. Google Tag Manager

Google Tag Manager is a tool for managing tags and scripts on a website. It facilitates the management and implementation of various analytics and tracking tools on the website.

Google Tag Manager allows site owners the flexibility to manage scripts and tools without having to interfere with the site's source code. It facilitates the integration of tools such as Google Analytics, Facebook Pixel or other analytics tools. Google Tag Manager is provided by Google LLC.

• Types of data collected by Google Tag Manager: Google Tag Manager does not collect personal data directly, but manages other tools and scripts that may collect different types of data, such as those mentioned for Google Analytics and Google Ads.
• Purpose of data collection by Google Tag Manager: Google Tag Manager allows us to manage and implement analytics and tracking tools on our website in a more efficient way.
• Data storage: Google Tag Manager does not store data. It acts as a manager for other tools. Data collected by tools managed by Google Tag Manager may be stored and processed by the providers of these tools.
• Sharing data with Google Tag Manager: Google Tag Manager does not collect or store data. It acts as a management tool for other tools, so the sharing of data depends on those tools.
• Managing and disabling Google Tag Manager: Google Tag Manager does not collect or process personal data, so disabling it is not necessary. However, you can control which tools and scripts are implemented on your website using Google Tag Manager.

4. DoubleClick, Google Ads, Merchant Google Center

DoubleClick, Google Ads and Merchant Google Center are advertising platforms provided by Google. DoubleClick is an advertising platform that uses cookies to track users' interactions with ads. Google Ads (formerly AdWords) is an advertising platform that allows you to create and manage advertising campaigns in Google search results. Merchant Google Center is a tool for managing products and offers within the Google Ads platform.

These platforms are used to display ads on the website and in Google's search results. DoubleClick allows you to track the effectiveness of your ads, while Google Ads and Merchant Google Center allow you to create and manage advertising campaigns and product listings. The service provider of these tools is Google LLC.

• Types of data collected by DoubleClick, Google Ads and Merchant Google Center: These advertising platforms may collect data on user interactions with ads, such as clicks, ad impressions, conversions and other ad-related activities,
• Purpose of data collection by DoubleClick, Google Ads and Merchant Google Center: The purpose is to measure the effectiveness of advertising campaigns and deliver more relevant ads.
• Data storage: Data collected by these advertising platforms is stored on Google's servers, which may be located outside your jurisdiction, including in the United States. Google is a certified participant in the Privacy Shield programme, which ensures adequate data protection for international transfers.
• Data sharing with DoubleClick, Google Ads and Merchant Google Center: Data may be shared with Google and advertising providers for the purpose of delivering advertising on our website and on other advertising platforms.
• Option to disable DoubleClick, Google Ads and Merchant Google Center: You can adjust your advertising preferences in your browser settings and via the advertising preference management options available on Google's websites.

5. Hotjar

Hotjar is an analytics tool that helps websites analyse user behaviour on the site. Hotjar offers features such as heat maps, user session recordings and online surveys.

Hotjar helps to understand how users browse the site, what they click on and where they spend the most time. It is an analytics tool that helps to optimise the user experience. Hotjar's service provider is Hotjar Ltd.

• Types of data collected by Hotjar: Hotjar may collect data on user behaviour on our website, such as heat maps, recordings of user sessions and responses to online surveys. This data is usually anonymised or pseudonymised.
• Purpose of Hotjar's data collection: the purpose of Hotjar's data collection is to analyse user behaviour on the website in order to understand how to improve and customise it.
• Sharing of data from Hotjar: Data collected with Hotjar usually remains on Hotjar servers and is not shared with third parties.
• Option to disable Hotjar: You can disable Hotjar tracking on our website by using the Hotjar plugin disabling option. Please see our Privacy Policy for details.

Hotjar servers are located in various locations around the world, including Europe. Hotjar uses appropriate security measures to protect data.

X. Social media plug-ins

We would like to inform you that the Service may include links (plug-ins) that allow its Users to reach directly to other websites for which the owner of the Service is not responsible, such as: Facebook, Instagram, Google.

 We have no control over the privacy policy and use of cookies of the administrators of these websites. We recommend that, before using the services offered by other websites, each User should read the privacy policy document and the use of cookies, if provided, or, if not provided, contact the administration of the website in question to obtain information on this subject.

Using social plug-ins:

When using these plug-ins, you consent to the transfer of certain personal data to social media administrators such as Facebook, Instagram, Google. The administrators of these platforms act as joint data controllers with us with regard to the information transmitted through these plugins.

Data provided to social media administrators may include information such as email address, user ID, profile data, preference information and other data necessary for the login process and user authentication.

The data provided to social media administrators is used, among other things, to enable users to log in to our website using their account on social media platforms. Social media administrators may also use this data to adapt content, provide personalised services and analyse user behaviour.

XI. How do we secure your personal data?

The controller does everything possible to keep your data secure. To this end, it implements appropriate technical and organisational measures so that the processing is carried out lawfully and in a manner that ensures security, including, among other things, the use of an encrypted connection - SSL (protocol https://).

The IT systems used by the Administrator have appropriate safeguards in place to guarantee the confidentiality and integrity of the personal data processed.

XII. Where can I raise concerns/comments about what processing of personal data?

We would like to emphasise that your privacy is important to us, and we take all possible steps to protect your data. If you have any questions or concerns about the processing of your data on our Service, please do not hesitate to contact us:

• via e-mail: hello@warsawsaints.com,
• via telephone number: +48 793 615 617.

XIII. Final provisions

The controller shall apply technical and organisational measures to ensure the protection of the processed personal data appropriate to the risks and the category of data protected, and in particular it shall protect the data against their access to unauthorised persons, against their being taken by an unauthorised person, against their being processed in violation of the applicable regulations, and against their alteration, loss, damage or destruction.

The Administrator reserves the right to change the Privacy Policy for important reasons (such as change of generally applicable regulations, introduction of new functionalities, modification of IT systems). The Administrator shall inform Users of any change to the Privacy Policy by posting information about the change to the Privacy Policy on the homepage. Users with a User Account shall additionally be informed by the Administrator by sending information about the change in the Privacy Policy to the e-mail address indicated by them in the registration form.

An amendment to the Privacy Policy shall come into force within 14 days of its publication on the Website Archived versions of the terms and conditions are published on the Website under the "Privacy Policy" tab.

For contracts concluded before the Privacy Policy was amended, the Privacy Policy in the version in force on the date of the Contract shall apply.