Privacy Policy

We are placing into your hands a document where you will find, in one place, the rules for processing personal data as well as the use of cookies and other tracking technologies in connection with the operation of the online store https://www.whitepocket.pl.

This privacy policy has been structured in a Q&A (Questions and Answers) format. This format was chosen out of care for the transparency and clarity of the information presented to you.

If you have any doubts regarding this privacy policy, you can contact us at any time by sending a message to: shop@whitepocket.pl

PERSONAL DATA

Which legal act regulates the processing of your personal data?

Your personal data is collected and processed by us in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1), commonly known as GDPR (Polish: RODO). To the extent not regulated by the GDPR, the processing of personal data is governed by the Polish Personal Data Protection Act of May 10, 2018.

Who is the controller of your personal data?

The controller of the personal data collected through the Store is Lepre Spółka z ograniczoną odpowiedzialnością (limited liability company), entered into the register of entrepreneurs of the National Court Register (KRS) by the District Court Gdańsk-Północ in Gdańsk, VII Commercial Division of the National Court Register, with its registered office at ul. Jar Raduni 19, 83-000 Juszkowo, KRS: 0001132593, NIP: 6040254299, REGON: 540045711, share capital: PLN 5,000.00.

Regarding your personal data, you can contact us via:

  • Email: shop@whitepocket.pl

  • Postal mail: ul. Jar Raduni 19, 83-000 Juszkowo

  • Phone: +48 882 143 352

What personal data do we process and for what purposes?

There is more than one purpose. Below is a list of these purposes, along with the corresponding legal bases for processing:

  • Order fulfillment – Art. 6(1)(b) GDPR, until the expiry of the statute of limitations for claims regarding the performance of the contract.

  • Newsletter delivery – Art. 6(1)(a) GDPR, until the day you withdraw your consent to the processing of personal data.

  • Handling product comments or reviews – Art. 6(1)(a) GDPR, until an objection to the processing of personal data is raised.

  • Handling correspondence – Art. 6(1)(f) GDPR, until an objection to the processing of personal data is raised.

  • Fulfillment of tax and accounting obligations – Art. 6(1)(c) GDPR, until the expiry of the legal obligations encumbering the Controller that justified the processing of personal data.

  • Archiving for the purpose of potential defense, establishment, or exercise of claims – Art. 6(1)(f) GDPR, until the expiry of the statute of limitations for claims regarding the performance of the contract.

  • Own marketing – Art. 6(1)(f) GDPR, until an objection to the processing of personal data is raised.

  • Analyzing traffic on the online store website – Art. 6(1)(f) GDPR, until an objection to the processing of personal data is raised.

RECIPIENTS OF PERSONAL DATA

Who are the recipients of your personal data?

External service providers involved in the processing of your personal data include:

  • The hosting provider that stores data on the server.

  • The mailing system provider where your data is stored if you are a newsletter subscriber.

  • Entities handling electronic or payment card payments.

  • The online store system provider where your data is stored in order to execute orders.

  • The invoicing system provider where your data is stored to issue invoices.

  • The accounting office that processes your data visible on invoices.

  • The technical support service provider who gains access to data if the technical work carried out covers areas where personal data is located.

  • Other subcontractors who gain access to data if the scope of their activities requires such access.

Your data is shared with courier companies to the extent necessary to deliver your order. These companies become independent controllers of your personal data.

 

Your personal data may also be transferred to tax offices to the extent necessary to fulfill tax, settlement, and accounting obligations. This applies in particular to any declarations, reports, statements, and other accounting documents containing your personal data.

 

Do we use profiling? Do we make automated decisions based on your personal data?

We use tools to direct personalized advertisements to you. Based on your actions in the Store, in particular your choice of viewed content and the time spent on the Store's subpages, we adjust and display marketing content tailored to you. Thanks to this profiling, we can direct a marketing message that is more desirable to you, which benefits both us and you, as it limits marketing messages regarding goods and services that are not within your area of interest.

Do we transfer your data to third countries or international organizations?

Yes, some operations involving the processing of your personal data may involve transferring it to third countries.

We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, particularly in the USA. The providers of these tools guarantee an adequate level of personal data protection through appropriate compliance mechanisms provided for by the GDPR, in particular by participating in the "EU-US Data Privacy Framework" program.

 

The storage of personal data on servers located in third countries occurs within the framework of the following tools:

  • Google tools: Your personal data may be transferred to the United States, where the servers of Google LLC are located. Google LLC is listed as a participant in the EU-U.S. Data Privacy Framework program.

  • Facebook tools: Your personal data may be transferred to the United States, where the servers of Meta Inc. are located. Meta Inc. is listed as a participant in the EU-U.S. Data Privacy Framework program.

  • Pinterest: Your personal data may be transferred to the United States, where the servers of Pinterest Inc. are located. Pinterest Europe Ltd. transfers personal data outside the EEA only when appropriate safeguards are in place to protect personal data, such as standard contractual clauses.

  • Klaviyo tool: Your personal data may be transferred to the United States, where the servers of Klaviyo Inc. are located. Klaviyo Inc. is listed as a participant in the EU-U.S. Data Privacy Framework program.

RIGHTS IN CONNECTION WITH THE PROCESSING OF PERSONAL DATA

What rights do you have in connection with the processing of your personal data?

The GDPR grants you the following potential rights related to the processing of your personal data:

 

  • The right to access your data and receive a copy of it.

     

  • The right to rectify (correct) your data.

     

  • The right to erase data (if, in your opinion, there are no grounds for us to process your data, you can request that we erase it).

  • The right to restrict processing (you can request that we restrict processing solely to storing the data or performing actions agreed with you if, in your opinion, we have incorrect data or are processing it without justification).

  • The right to object to processing (you have the right to object to processing based on a legitimate interest; you should indicate the specific situation that you believe justifies us ceasing the processing covered by the objection; we will stop processing your data for these purposes unless we demonstrate that the grounds for our processing override your rights or that your data is necessary for us to establish, exercise, or defend claims).

  • The right to data portability (you have the right to receive from us, in a structured, commonly used, and machine-readable format, the personal data you provided to us based on a contract or your consent; you can also instruct us to send this data directly to another entity).

     

  • The right to withdraw consent to the processing of personal data, if you have previously given such consent.

     

  • The right to lodge a complaint with a supervisory authority (if you find that we are processing data unlawfully, you can submit a complaint to the President of the Personal Data Protection Office—UODO—or another competent supervisory authority).

     

The rules related to the exercise of the rights indicated above are described in detail in Articles 16–21 of the GDPR. We encourage you to familiarize yourself with these provisions. For our part, we consider it necessary to explain to you that the rights indicated above are not absolute and will not apply to all processing activities of your personal data.

We emphasize that one of the rights indicated above is always available to you—if you believe that we have violated personal data protection regulations while processing your data, you have the option to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office).

You can also always request information from us about what data we hold about you and for what purposes we process it. Simply send a message to shop@whitepocket.pl. However, we have made every effort to ensure that the information you are interested in is comprehensively presented in this privacy policy. You can also use the email address provided above if you have any questions related to the processing of your personal data.

 

COOKIES

Do we use cookies and what exactly are they?

While browsing the Store's website, "cookies" (hereinafter referred to as Cookies) are used. These are small text files stored on your terminal device in connection with your use of the Store. Their use is aimed at the correct operation of the Store's web pages.

These files allow us to identify the software used by you and customize the Store individually to your needs. Cookies typically contain the name of the domain they come from, their storage time on the device, and an assigned value.

Is it safe?

The Cookies we use are safe for your devices. In particular, it is not possible for viruses, unwanted software, or malicious software to access your devices through Cookies.

What types of Cookies do we use?

We use two types of Cookies:

  • Session Cookies: These are stored on your device and remain there until the session of a given browser ends. The saved information is then permanently deleted from your device's memory. The mechanism of session Cookies does not allow for the collection of any personal data or any confidential information from your device.

  • Persistent Cookies: These are stored on your device and remain there until they are deleted. Ending the session of a given browser or turning off the device does not remove them from your device. The mechanism of persistent Cookies does not allow for the collection of any personal data or any confidential information from your device.

For what purposes do we use cookies?

We also use third-party Cookies for the following purposes:

  • Store configuration.

  • Creating statistics that help understand how online store users use websites, which enables the improvement of their structure and content via Google Analytics tools (controlled by Google Ireland Ltd., based in Ireland).

  • Gathering information about User behavior using the Facebook Pixel tool (controlled by Meta Platforms Ireland Limited, based in Ireland).

  • Determining the Customer's profile in order to display tailored materials to them in advertising networks, using the Google Ads online advertising tool (controlled by Google Ireland Ltd., based in Ireland).

  • Popularizing the online store on Facebook (controlled by Meta Platforms Ireland Limited).

  • Popularizing the online store on Pinterest (controlled by Pinterest Europe Ltd., based in Ireland).

  • Gathering information about User behavior using the Klaviyo tool (controlled by Klaviyo Inc.).

To learn the rules of using Cookies, we recommend reviewing the privacy policies of the companies mentioned above.

Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to your preferences. For this purpose, information about your navigation path on the web or the time spent on the website may be preserved.

To view and edit information about your preferences collected by the Google advertising network, you can use the tool found at the link: https://www.google.com/ads/preferences/.

Using your web browser settings or via the service configuration, you can independently and at any time change Cookie settings, specifying the conditions for their storage and access by Cookies to your device. You can change these settings to block the automatic handling of Cookies in your web browser settings or to be informed every time they are placed on your device. Detailed information about the possibilities and ways of handling Cookies is available in your software (web browser) settings.