PRIVACY POLICY

MOSUOS ONLINE STORE PRIVACY POLICY

I. INTRODUCTORY PROVISIONS

(1) This privacy policy sets out the rules for the protection and processing of your personal data in connection with the operation of the online store, available at www.mosuos.eu.

(2) This document was created to make clear to you the principles of processing of this personal data, primarily by indicating the purposes and grounds for processing. It also contains information about who the controller of the personal data is, with whom the data is shared, and what rights you have.

(3) Please note that you should read this Policy immediately after using our Website and before purchasing products and using our services.

(4) The administrator of personal data is YABOO SP. ZO.O., with its main place of business in GDYNIA, at PLAC GÓRNOŚLĄSKI 21, 81-509, hereinafter referred to as “Administrator”.

(5) The Administrator’s contact details in connection with the processing of personal data are: info@mosuos.eu

(6) The Administrator decides for what purpose Personal Data is processed and what means are used.

II. DEFINITIONS

(1) Policy – means this document;

(2) Personal data shall mean personal data as defined in Art. 4 para. 1) RODO: “personal data is information about a natural person identified or identifiable by one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity” including name, phone number, email address, bank account number, device IP, social media user account name and profile picture, Internet ID and information collected through cookies and other similar technology;

(3) Administrator – YABOO SP. ZO.O., with the main place of business in GDYNIA, at PLAC GÓRNOŚLĄSKI 21, 81-509;

(4) RODO – means Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC;

(5) the Law – means the Law on Personal Data Protection dated May 10, 2018;

(6) Website – means the website available at www.mosuos.eu;

(7) Store – a separate part of the Administrator’s business, within the framework of which he sells goods – clothing items and clothing accessories, through the Website.

III. BASIC INFORMATION

(1) The processing of personal data will be carried out in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (RODO), and with the Personal Data Protection Act of May 10, 2018 (the Act).

(2) The Administrator shall exercise due diligence to ensure the security of your Personal Data in accordance with the RODO.

(3) We receive personal data directly from you. This happens:

a. When you make contact with us by any means, such as by sending a message through the contact form or through social media;

b. When using our website;

c. When you send us an email;

d. When you contact us by telephone;

e. When subscribing to our newsletter;

f. When entering into a sales contract with us through the online store;

g. When participating in a contest or promotional campaign organized by us;

h. During other activities related to the use of our online store;

i. When registering a user account with our online store.

(4) The Administrator notes that if you make contact with him through websites or online platforms independent of him, such as Instagram, Facebook, Twitter, TikTok, email service providers, your Personal Data may be processed by operators of these platforms or service providers independent of the Administrator. In addition, in connection with the use of our Online Store, you may provide Personal Data directly to third parties who provide services that enable the performance of the sales contract you conclude. For example, your debit/credit card data may be transferred directly by you to the payment service provider during payment processing, and data from cookies may be collected by the data controller for the WORDPRESS platform that provides the operation of the Store. In this case, the scope and principles of processing such data are not determined by the Administrator – they are regulated by third parties, in documents separate from this Policy. The Administrator recommends reading these documents before using the services offered by these operators.

(5) Notwithstanding the above, please note that by using social media with a public profile – available to any user of the platform – you are knowingly sharing your Personal Information with unspecified individuals. This may involve the risk that your person or location may be identified, privacy violated, or identity stolen.

IV. DATA PROCESSING PRINCIPLES

(1) Personal data is processed by the Administrator in the following situations:

a. For the purpose of entering into and performing a sales contract between you and the Administrator, whereby:

i. The first basis for processing is Article 6 para. 1(b) of the DPA – it is done in connection with the conclusion of said contract and primarily for the purpose of its performance;

ii. Another is Art. 6 para. 1(c) of the DPA – performance of legal obligations incumbent on the Administrator, in particular accounting and tax obligations related to the settlement of the contract;

iii. The last one is Art. 6 para. 1(f) RODO – realization of the Administrator’s legitimate interests related to the contract. These include archiving contractual documentation, informing about changes, possible assertion or defense against claims.

b. For the purpose of conducting direct marketing. The basis is Article 6 para. 1 lit. f RODO – realization of the Administrator’s legitimate interests in marketing. At the same time, direct marketing will be conducted electronically only if you give the appropriate consent, required by separate laws;

c. For the purpose of providing the newsletter service. The basis for data processing is Art. 6 para. 1(f) RODO – realization of the legitimate interests of the Administrator related to the transmission of information, including marketing information, in the course of providing this service;

d. We process personal data for the purpose of communication with you, in particular through the contact form available on the Website, email, telephone contact, social media, WhatsApp messaging. The basis for data processing is Art. 6 para. 1(f) RODO – realization of the legitimate interests of the Administrator, in the form of: 1) conducting communications with potential customers and persons interested in its activities, and 2) the possible assertion of claims in the event that the content of messages communicated to us or published on our social channels violates the law or the rights of the Administrator or third parties;

e. We process personal data in connection with your creation of an account on the Website, to enable registration, order tracking, access to order history and other information provided within the user panel. The basis for data processing is Art. 6 para. 1(f), RODO – realization of the Administrator’s legitimate interests related to the operation of the Store;

f. We also process personal data in connection with the return of goods, in order to enable us to process the return of goods and to pay you the funds due. The basis for data processing is Art. 6 para. 1(c) RODO – the implementation of obligations incumbent on the Administrator under applicable laws;

g. Personal data may also be processed for the purpose of counteracting violations of the law, including crimes, in particular those related to money laundering. The basis for data processing is Art. 6 para. 1(c) of the RODO – fulfillment of obligations incumbent on the Administrator under applicable laws and is Art. 6 para. 1 lit. f RODO in the event that the obligation to provide information to competent entities or authorities, in connection with a reasonable suspicion of violation of the law, results from an agreement concluded between the Administrator and that authority or entity, for example, an agreement with a payment service provider;

h. We also process personal data in connection with the organization and conduct of contests or promotional activities. The bases for processing are:

i. Art. 6 para. 1(f) RODO – realization of the legitimate interests of the Administrator, related to the performance of obligations arising from the public pledge, organization and conduct of a competition, promotional events or similar events, as well as the possible assertion of claims or defense against claims related to the event;

ii. Art. 6 para. 1(c) of the DPA – the fulfillment of legal obligations incumbent on the Administrator in connection with the organization and conduct of such contests, actions or events, in particular those related to the settlement of prizes, gifts and other gratuitous services performed as part of them.

(2) The Administrator shall process only the categories of personal data necessary for the purposes indicated above. In the case of:

a. The processing referred to in 1.a. above (conclusion and performance of the Contract), these are in particular: name, surname, mailing address, e-mail address, telephone number, but also company name and Tax Identification Number, if the Contract is concluded with an individual entering into it as a businessman; while the provision of these data is fully voluntary, but without their provision the conclusion of the Contract and its performance is not possible. In addition, we may process Personal Data regarding claims related to the Contract, such as, for example, the amount of your debt;

b. Processing referred to in 1.b, 1.c, 1.d (marketing, newsletter) above, these are in particular: name, surname, mailing address, email address;

c. The processing referred to in 1.e above (communication), these are in particular: name, surname, mailing address, email address, telephone number, information possibly provided as part of the communication, if necessary to provide feedback. If the communication is conducted via instant messaging or social media, the Personal Data may also include the user’s account name, profile picture;

d. Processing referred to in 1.e above (registration of an account on the Website), these are in particular: name, surname, mailing address, email address, telephone number;

e. Processing referred to in 1.f above (return), these are, in particular, name, mailing address, order number, bank account number;

f. Processing referred to in 1.g above (prevention of violations of the law and crimes), these are in particular name, surname, mailing address, delivery address, contact details, order number, bank account number, information available on the registered user account;

g. Processing referred to in 1.i above (contests and promotional actions), these are in particular: name, surname, mailing address, email address, telephone number, possible information provided in connection with the contest entry or for the purpose of entering a promotional action. Provision of data is fully voluntary, but their processing is necessary for entry and participation in a contest or promotional action.

(3) The Administrator shall only process Personal Data obtained directly from the subject.

(4) We keep personal data for the maximum time necessary to achieve the purposes listed in para. 1 of this section, viz:

a. In the case of a contract, the data will be processed until it is settled and executed. In the case of legal obligations incumbent on the Administrator, the period will correspond to the duration of the obligation justifying the data processing. For example, in the case of processing personal data for accounting and tax purposes, this will be dictated by the period for which such records must be kept (i.e., a period of 5 years calculated from the end of the calendar year in which the tax obligation arose). In the case of data processing for the purpose of asserting claims, the period of processing will expire when the statute of limitations for claims expires (i.e. a period equal to the statute of limitations for claims for non-performance or improper performance of a sales contract in connection with the conduct of business – as a rule, 3 years; and/or torts in accordance with the relevant provisions of law. The end of the limitation period is the last day of the calendar year. The aforementioned period may be extended by the time necessary for the final conclusion of the proceedings under way or for the realization of the obligations and rights arising from the settlement issued);

b. We will continue marketing until we receive a request from you to cease marketing activities or you object;

c. We will continue marketing to third parties until you withdraw your consent to process your data for such purposes;

d. We will continue to provide the newsletter service until we are notified by you that you are opting out or objecting to further use of your personal information for this purpose;

e. We will process personal data obtained in the course of communication until the communication on the matter is completed. If the information contained in these communications could form the basis for a claim, we may keep it until the statute of limitations has expired;

f. We will retain personal information related to your registered account on the Website until you delete your account. If the information contained in this account could be the basis for a claim, we may keep it until the statute of limitations has expired, despite its deletion;

g. We will keep the personal data provided in the course of a contest or promotional action for the duration of the contest or promotional action and its settlement, with the data needed to comply with tax or settlement obligations being kept for the entire duration of such obligations, and the data needed for possible defense against or assertion of claims – until the expiration of the statute of limitations;

h. Personal data that may need to be used to identify a violation of the law or to establish the commission of a crime may be processed for such purposes until the expiration of the last of the statute of limitations under applicable law.

If there is a change in the law resulting in the need to change the retention periods, they may be reduced or extended accordingly. After the expiration of the given period, we will not use your personal data for the indicated purpose. However, this does not mean that they will be deleted. The data may be retained by us until the expiration of the longest period that presupposes its processing.

(5) Personal data may be transferred to data processors and other recipients. We distinguish the following categories of potential recipients:

a. Persons with whom the Administrator cooperates in performing services for you. These will include, in particular, the Administrator’s employees and associates, its subcontractors, and its business partners, such as suppliers, freight forwarders, other logistics or warehousing service providers, manufacturers, service providers operating in the e-commerce market, providers of web applications used in the Store, payment operators (e.g. PAYNOW);

b. Entities that may process this personal data on the basis of applicable laws, in connection with their tasks, for example, judicial authorities or tax administration authorities;

c. Entities supporting the Administrator in the conduct of its business. These will include, in particular, persons providing IT services, hosting, legal advice, tax advice, human resources, accounting, and auditors, debt collectors.

(6) Personal data shall not be transferred to other categories of third parties. In exceptional situations, personal data may be provided to a third party in connection with the need to comply with an obligation under mandatory provisions of law.

(7) The Administrator may transfer personal data to third countries (outside the EEA) and international organizations. The Administrator shall ensure that data will be transferred only to countries for which the European Commission has issued decisions on their compliance with an adequate level of personal data protection and/or in compliance with all legal requirements, including on the basis of an appropriate agreement containing data protection clauses adopted by the European Commission or binding corporate rules, ensuring adequate security of the transferred personal data. Notwithstanding the foregoing, the Administrator notes that the Administrator’s partners with which services are provided through this Shop (Shopify) may transfer data outside the EEA. To the extent that they are independent controllers of personal data, they set their own rules and purposes for the processing of personal data, and this Policy does not apply to them, so we again recommend that you familiarize yourself with their established data processing rules before continuing to use the Website.

(8) Personal data is not subject to automated decision-making (subject to Cookies) or profiling by the Administrator. However, profiling may be carried out by our partner, Swym Corporation, through the Store’s website in order to provide you with more personalized advertising by analyzing your behavior on the Store’s website, if you consent to the use of targeting cookies. You have the right to object to profiling. The rules for the processing of personal data by Swym Corporation are governed by an independent privacy policy, as Swym Corporation is an independent controller of personal data. We have included the address of the privacy policy current as of the date of publication of this policy in the Cookies section below. The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and that produces legal effects on the data subject or similarly significantly affects the data subject. The Administrator points out that profiling possibly carried out by Swym Corporation with the help of cookies does not in any way affect the decision-making process on the conclusion, refusal to conclude and execution of the contract for the sale of goods.

V. RIGHTS OF THE DATA SUBJECT

(1) You have certain rights in connection with the processing of your personal data. These include:

1) The right of access to your personal data – this is the right to obtain from the Administrator information about the processing of your Personal Data, including the purposes and legal grounds for processing, the data held, the entities to which your data are disclosed and the planned date for their deletion;

2) The right to obtain a copy of your Personal Data – you can exercise this right to obtain a copy of your Personal Data that is processed by the Administrator;

3) The right to rectification and to supplement your Personal Data – you can exercise this right if you notice that the Personal Data is incorrect or incomplete. In this case, we undertake to remove any inconsistencies or errors in the processed Personal Data and to complete it if it is incomplete;

4) The right to request deletion of data (the right to be forgotten) – you can exercise it if you notice that the Personal Data is incorrect or incomplete. In this case, we undertake to remove any inconsistencies or errors in the processed Personal Data, and to complete it if it is incomplete.

5) The right to request restriction of processing – if you find that the Personal Data is incorrect, processed unlawfully, or you do not want it deleted; you no longer need it from us, but you may need it to defend or assert a claim; you raise an objection to the processing of the Personal Data; in such situations, you may request restriction of the processing of your data, whereby in case of an irregularity or an objection, the restriction will be for the time we need to consider the issues;

6) The right to data portability – you may request data portability if we process your data on the basis of your consent or a contract concluded with you;

7) The right to object to the processing of Personal Data – you may exercise this right at any time, for reasons related to your particular situation, if the Personal Data is processed on the basis of a legitimate interest of the Administrator. Please note that the objection must be justified;

8) The right to object to the processing of Personal Data for marketing purposes – you can exercise this right at any time if your Personal Data is processed for marketing purposes, without having to justify such objection;

9) The right to withdraw consent to the processing of personal data – you can withdraw the consent you have given us to process your personal data at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before its withdrawal;

10) The right to lodge a complaint to the supervisory authority (President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw) – if you believe that we have violated your personal data, you may also inform the President of the Office for Personal Data Protection by filing a complaint at the address indicated above.

(2) Please note that you have the right to object at any time to the processing of your personal data on the basis of the legitimate interests of the Controller, on grounds related to your particular situation. Once you have lodged an objection, we are not allowed to further process your personal data for this purpose unless we demonstrate the existence of valid, legitimate grounds for processing that override your interests, rights and freedoms, or grounds for establishing, asserting or defending claims.

(3) In addition to the rights indicated above, you also have the right to ask us whether your Personal Data is being processed. This right can be exercised together with the right of access.

(4) In addition, if your data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, to the extent that the processing is related to it. After raising such an objection, we are not allowed to further process such data for direct marketing purposes.

(5) You can file an objection by e-mail or send a letter on the matter to our mailing address. Both addresses are indicated above. By the same route, you can also exercise your other rights, with the exception of a complaint to PUODO.

VI. INFORMATION ON DATA SECURITY AND SAFETY

(1) The controller shall apply technical and organizational measures to secure the collected personal data, in a manner that is sound and adapted to both the risks and the protected data.

(2) The administrator has implemented these measures to ensure a degree of security corresponding to the risk. In doing so, the state of the art, the cost of implementation and the nature, scope, purpose and context of the processing, as well as the risk of violation of the rights and freedoms of individuals, including the various probabilities of its occurrence and the severity of the threat, were taken into account.

(3) The controller shall specifically take into account the risks involved in the processing of data arising from: accidental or unlawful destruction; loss, modification, unauthorized disclosure of data; unauthorized access to personal data transmitted, stored or otherwise processed.

VII. COOKIES

(1) Below you will find information about the cookie policy applicable to the Website. The Website uses Cookies when users use the Website. “Cookies” are IT data that are stored on terminal devices (for example, on a computer or on a phone) and are transmitted when using the Website. A cookie contains an individual identifier of the user, so that the settings selected by the user can be identified and applied by the website on the user’s next visit, without having to configure them again. For example, it allows the website to display the language of the user’s choice. These files contain the name of the website to which they relate and the aforementioned individual identifier. They may also contain information about the time they are stored on the user’s terminal device. The final shape of the Cookie File will depend, among other things, on the terminal device you use to connect to the Website.

(2) Given that certain cookies are considered personal data within the meaning of the RODO, the previous information on the principles of personal data processing contained in this Policy will also apply to cookies that are personal data.

(3) Cookies are processed by the Administrator, for the purposes of the Website. Some Cookies may be processed by our partners through the Website. Our partners are the controllers of your personal data, independent of us, and process them according to the rules they set out. We recommend that you familiarize yourself with them before agreeing to their processing of Cookies. The purposes of the processing and the identification of the data processor of the Cookies are contained in the “preferences” tab, available when you visit our website.

(4) Unless the processing of Cookies of a particular type is necessary for the proper functioning of the Website, it will take place only after you have given the appropriate consent.

(5) We use cookies for the following purposes:

i. To optimize the use of the Website;

ii. To ensure safe use of the Website;

iii. To customize the content displayed on the Website to your preferences and to your terminal device;

iv. To improve the Website, among other things through testing its performance.

(6) In addition, our partner may collect Cookies through the Website to enable us to provide you with more personalized advertisements, including on other sites. If you do not consent to them, the ads will continue to be displayed, but less tailored to your preferences. This partner is Swym Corporation. You can find information about this partner’s personal data processing policies on this page: https://swym.it/privacy/. Please remember that these Cookies will not be processed if you do not give your consent.

(7) The second of our partners that may process Cookies through our Website is Shopify. Shopify’s IT infrastructure is the backbone of the Website. You can find Shopify’s data processing policies at https://www.shopify.com/legal/privacy#us-policy. This partner may process both Cookies necessary for the functioning of the Website and functional Cookies and performance Cookies.

(8) Some Cookies are also necessary for the functioning of the Website. Because of this, disabling them is not possible. However, the user can remove them using browser settings, although this may lead to worse functioning of the website, and in extreme cases even make it impossible to use.

(9) We may process Cookies from any device through which you use the Website. Accordingly, we may process, among other things, the length of time the data is stored on the respective terminal device. In addition, this may include data such as device data, usage events (e.g. last visit, time of visit), and device location.

(10) Please note that some of the Cookies to which you consent are processed through the Website, but without our direct involvement. These are, for example, the already mentioned Cookies that enable personalization of advertisements.

(11) Cookie data from your device is processed automatically and may be used to evaluate your behavior on the Website.

(12) Cookies can be divided into permanent and session files. Session files are stored for the duration of your visit to the site and use of the browser, sometimes also shortly after the end of the visit (e.g. for 30 minutes). Permanent files, on the other hand, are also stored after you have finished using your browser and will remain on your device for a certain period of time, and some of them even without an expiration period – the deciding factor in some cases will be your website settings.

(13) The storage periods of individual Cookies are as follows:

Necessary Cookies:

i. Localisation – 1 year;

ii. keep alive – 30 minutes;

iii. secure customer sig – 1 year;

Functional Cookies (allow you to provide better functionality and personalization of the Site):

i. _y – 1 year;

ii. _shopify_y – 1 year;

iii. _shopify_s – 1 year;

iv. _orig_refferer_ – 14 days;

v. _s – 30 minutes;

vi. shopify_sa_t – 30 minutes;

vii. shopify_sa_p – 30 minutes;

viii. _landing_page – 14 days;

Targeting cookies (These cookies may be used to build a profile of your interests and display tailored ads on other sites. If you do not allow their use, you will experience less tailored ads):

swym-session-id – 30 minutes.

(14) Due to the already mentioned possibility of placing Cookies by our partners through the Website, we can divide Cookies into so-called “first party cookies” and “third party cookies”.

(15) We can divide the cookies collected by the Website as follows: into essential Cookies (first party and third party), functional Cookies (third party), performance Cookies (third party) and targeting Cookies (third party).

(16) You will find information on how to delete cookies at these links: Chrome, Internet Explorer, Opera, Firefox, Safari, Edge.

VIII. CHANGE OF DATA PROCESSING RULES

(1) The provisions of this Policy are subject to change. This will be done by publishing the amended Policy on the Website. Persons who have created an Account on the Website may receive the relevant information via e-mail.

(2) To the extent not covered by this Policy, the generally applicable data protection regulations shall apply.

(3) This Policy is effective as of APRIL 01, 2024.

(4) This Policy shall be governed by Polish law.