Privacy Policy

We ensure our Customers full respect for their privacy and protection of their personal data. Personal data provided to us by Customers during the Registration process or when making purchases are processed in accordance with data protection legislation. We store Customers' personal data ensuring their full security, and only authorised Store employees have access to the database.

Data Controller

1. The Data Controller, within the meaning of the Act of 29 August 1997 (Journal of Laws 1997, No. 133, item 883, as amended), is NIKOS Sp. z o.o. Sp.k., Wieliczka, Sygneczów 1, EU VAT No.: PL6020094728

2. Contact details of the Data Controller: email address: sklep@pokusa.org, phone: +48 607 526 952

Purpose of data collection and processing

1. Data is collected and processed for the purpose of creating individual accounts in the Pokusa for Health store and for concluding and executing (shipping to the Customer's address) purchase and sale agreements and potential complaint proceedings (Art. 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC; hereinafter "GDPR").

2. The Store may use personal data for marketing purposes, i.e. sending information about the Store's offer and promotional offers via email/SMS Newsletter:

— only when the Customer has given consent by subscribing to the Newsletter (the legal basis for processing personal data for marketing purposes is Art. 6(1)(f) GDPR). Withdrawal of consent to receive marketing correspondence is possible by contacting the Store at sklep@pokusa.org (subject line: "Newsletter unsubscribe").

3. The wish to receive the email/SMS newsletter is expressed:

a. during Account registration in the Store by ticking the box "I want to receive the newsletter and SMS Newsletter"

b. by entering an email address in the dedicated field on the Store's website

Consent to receive the email/SMS newsletter is given upon confirming the email address sent via email.

4. The Store may use collected personal data to create Customer Groups and assign accounts to these groups based on Customer status or purchase history. Based on groups, the Store may send more tailored messages and communications about goods and services.

5. For the purposes of monitoring, reporting and improving the Store's services and operations, Customers' personal data may be processed for purposes other than those listed above (the legal basis for processing personal data is Art. 6(1)(f) GDPR).

6. In other cases, Customers' personal data will be processed solely on the basis of previously granted consent, within the previously specified scope and purpose.

Obligation to provide personal data

1. Failure to provide all required data by the Customer may prevent the conclusion of a purchase and sale agreement or registration in the Store.

2. Providing personal data is voluntary insofar as the data is collected on the basis of consent.

Information about recipients of Customers' personal data

1. In connection with the processing of Customers' personal data for the purposes of concluding and executing purchase and sale agreements, Customers' personal data may be disclosed to the following recipients or categories of recipients:

— entities performing processes necessary for the execution and delivery of orders placed through the online store,

— public administration bodies and entities performing public tasks or acting on behalf of public administration bodies, to the extent and for purposes arising from legal provisions,

— entities performing marketing processes, including referral systems, discount systems, and marketing automation.

Period of personal data processing

1. Customers' personal data is processed by the Store for the period necessary to provide electronic services in the scope of maintaining a user account and handling orders.

2. After the period described in point 1, personal data may continue to be processed to the extent required by legal provisions or for the realisation of the Store's legitimate interest as data controller.

3. In the case of using personal data for marketing purposes, data may be processed until such consent is withdrawn.

Data processing profiling

1. Personal data may be used for the purpose of preparing and sending personalised offers or messages.

2. Personal data is processed on the basis of profiling, which is carried out based on the Customer's activity, membership in customer groups, or purchase history.

Rights of Customers whose data is collected and stored

1. Every Customer who has provided their personal data has the following rights (arising from the GDPR):

— full access to their data for verification purposes (including the right to obtain a copy of such data)

— the right to modify personal data if it is incomplete, incorrect or outdated

— the right to request deletion of personal data when:

a. the data is no longer necessary for the purposes for which it was collected,

b. the data subject has objected to the processing of personal data,

c. the data subject has withdrawn consent on which processing is based and there is no other legal basis for processing,

d. the data is processed unlawfully,

e. the data must be deleted to comply with a legal obligation;

— the right to request restriction of personal data when:

a. the accuracy of personal data is contested by the data subject,

b. the data is processed unlawfully and the data subject opposes deletion, requesting restriction instead,

c. the data is no longer needed by the data controller, but the data subject needs it for establishing, defending or pursuing claims,

d. an objection to data processing has been raised by the data subject (pending determination of whether the controller's legitimate grounds override those of the objection)

— the right to data portability when:

a. the data is processed on the basis of an agreement concluded with the data subject or on the basis of expressed consent,

b. the processing of personal data is carried out by automated means

— the right to object to the processing of personal data by the controller when:

a. the data subject is in a particular situation,

b. the data subject's data is processed by automated means

The Customer also has the option of independently supplementing and editing their data after logging into their individual account or by submitting a request to Store employees.

Withdrawal of consent for personal data processing

The Customer has the right to withdraw consent for the processing of personal data at any time. Withdrawal of personal data does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

Upon notification of withdrawal, data will be deleted by deleting the user's Store account.

Right to lodge a complaint with a supervisory authority

The Customer has the right to lodge a complaint with the supervisory authority (the President of the Personal Data Protection Office) when they believe that the data controller is violating the GDPR.

Data security

We store Customers' personal data on secured servers. Only selected employees have access to the data. The location and manner of data storage is designed to ensure full security.

Every Customer who has provided us with their personal data has full access to their data for verification, modification or deletion purposes.

Cookie policy

Details regarding the Cookie Policy can be found on the Cookie Policy page.

We would like to draw your attention to the fact that if we place links on our Store's website leading to other websites not administered by us, we cannot be responsible for the content of those websites or for the level of privacy protection implemented by the administrators of those websites. By deciding to visit such websites, the Customer does so at their own risk. We encourage you to review the privacy policy of those websites before providing them with your personal data.

Any questions, requests and suggestions regarding the protection of your privacy, in particular personal data, should be sent to the email address: sklep@pokusa.org