MENU

Privacy policy

Privacy Policy for the www.sandras.fit website

DEFINITIONS

Administrator: Sandra & Co sp. z o.o. with its registered office in Suchy Las, 25 Szkółkarska Street, entered in the register of entrepreneurs under the number KRS: 0000930920 share capital: 5000 PLN, having tax identification number NIP 972-132-18-97; REGON 520384802

Personal Data: all information about an identified or identifiable natural person through one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person, including device IP number, location data, internet identifier and information collected through cookies and other similar technology.

Policy: this Privacy Policy.

DPA: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

Service: the website published by the Administrator to which this Policy applies i.e. www.sandras.fit, managed by the Administrator.
User: any natural person visiting the Website or using the services or functionalities made available in the Website.

DATA PROCESSING IN CONNECTION WITH USE OF THE SERVICE
In connection with the use of the Website by the User, the Administrator collects data to the extent necessary to provide individual services offered through the Website, as well as information on the User’s activity in the Website. Below are described the detailed principles and purposes of the processing of personal data collected in connection with the use of the Website by the User.

PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE WEBSITE
Using the Website
Personal data of all persons using the Service (including IP address or other identifiers and information gathered through cookies or other similar technologies) are processed by the Administrator:

  • for the purpose of providing services electronically in the scope of making available to Users the content collected in the Service – then the legal basis of the processing is the indispensability of the processing for the performance of the agreement (Article 6.1.b) RODO),
  • for analytical and statistical purposes – then the legal basis of the processing is the Administrator’s legitimate interest (Article 6.1.f) RODO), consisting in conducting analyses of User activity, as well as of their preferences, in order to improve functionalities and services provided;
  • in order to possibly determine, pursue or defend against claims – the legal basis of the processing is the Administrator’s legitimate interest (Article 6(1)(f) RODO) consisting in protection of one’s rights;

User activity on the Website, including his/her personal data, are recorded in system logs. The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator also processes these data for technical and administrative purposes, to ensure the security of the IT system and its management, as well as for analytical and statistical purposes – in this regard the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) RODO).

Contact forms

The administrator provides the possibility to contact him using an email or a contact form. Provision of basic data (name, surname, email address) is required in order to receive and handle the inquiry, and failure to do so will result in the inability to handle it. Provision of other data is voluntary.

Personal data is processed:

  • for the purpose of identifying the sender and handling his/her inquiry – the legal basis for processing is the necessity of processing for the performance of the contract for the provision of services (Article 6(1)(b) of the RODO);
  • for analytical and statistical purposes – the legal basis of the processing is the Administrator’s legitimate interest (Article 6.1.f) RODO), consisting in statistics on inquiries submitted by Users via the Website in order to improve its functionality.


Newsletter

The Administrator provides a newsletter service to persons who have provided their e-mail address for this purpose. Provision of data is required in order to provide the newsletter service, and their failure to provide results in the impossibility of its dispatch.

Personal data is processed:

  • in order to provide the newsletter service – the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) RODO);
  • in the case of directing marketing content to the User within the newsletter – the legal basis for processing, including profiling is the legitimate interest of the Administrator (Article 6(1)(f) RODO), in connection with the consent to receive the newsletter;
  • for analytical and statistical purposes – the legal basis of the processing is the Administrator’s legitimate interest (Article 6.1.f) RODO) consisting in conducting analyses of User activity in the Service in order to improve the applied functionalities;
  • in order to possibly determine, pursue or defend against claims – the legal basis of the processing is the Administrator’s legitimate interest (Article 6(1)(f) RODO).

 

Collection, acquisition, scope and purpose of collection of personal data

  • The Administrator informs Users that it entrusts the processing of personal data
    to the following entities:
    1. Edrone Sp. z o.o., ul.1 Lekarska, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197 -.
    in order to use the mailing system edrone.me, which is used to send
    newsletter,
    2. edrone Sp. z o.o., ul. Lekarska 1, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197:
    – for marketing purposes only and exclusively for the purposes of an email, sms, social
    media campaign launched or indicated by Administrator using edrone system,
  • The Administrator informs that it uses the following technologies to track actions taken
    by the user/customer within the framework of the Store’s website:
    1. edrone tracking codes – for the purpose of analyzing Store website statistics, as well as for
    marketing purposes only for the purposes of e-mail, sms, and social media campaigns
    launched or indicated by the Administrator using the edrone system.

 

Cookies policy

COOKIES AND SIMILAR TECHNOLOGY

Cookies are computer data, in particular text files, installed on the device of a User browsing the Website. Cookies usually contain the domain name of the website from which they originate, the time of storage on the terminal equipment and a unique number.

Cookies are used in order to:

  1. adapting the content of websites to User preferences and optimizing the use of the Website; in particular, these files allow you to recognize the device of a website user and appropriately display the website, tailored to his individual needs,
  2. creation of statistics, which help to understand how the website users use the websites, which enables improvement of their structure and content,
  3. maintain the session of the website user (after logging in), thanks to which the user does not have to enter the login and password again on each subpage of the website,
  4. provide users with advertising content more suited to their interests.

“Service” cookies

The Administrator uses so-called “service” cookies primarily to provide the User with services provided electronically and to improve the quality of such services. In this regard, the Administrator and other entities providing analytical and statistical services to the Administrator use cookies to store information or gain access to information already stored in the User’s telecommunications terminal equipment (computer, telephone, tablet, etc.). Cookies used for this purpose include:

  • cookies with data entered by the User (session identifier) for the duration of the session (user input cookies);
  • authentication cookies used for services that require authentication (authentication cookies);
  • security cookies, such as those used to detect authentication abuses (user centric security cookies);
  • multimedia player session cookies (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
  • persistent cookies used to personalize the user interface for the duration of the session or a little longer (user interface customization cookies).
  • cookies used to monitor website traffic, i.e. data analytics, including cookies: Google Analytics (these are cookies used by Google – i.e. the entity to which the Administrator has entrusted the processing of personal data – to analyze the use of the Website by the User, including the creation of statistics and reports on the functioning of the Website).

“Marketing” cookies

The Administrator may also use cookies for marketing purposes, including in connection with directing behavioural advertising to Users. For this purpose the Administrator can store information or gain access to information already stored in a User’s telecommunications terminal equipment (computer, telephone, tablet, etc.). The use of cookies and personal data collected through them for marketing purposes, in particular to promote the services and goods of third parties, requires the consent of the User. This consent can be withdrawn at any time.

Other information

In many cases, software used to browse the Internet (web browser) by default allows you to store cookies on User’s end device. Users of the Website may at any time change their settings concerning cookies. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the settings of your web browser or inform on their timely placement in the device of the User of the Website. Detailed information on the possibility and methods of using cookies is available in the settings of your web browser software. Failure to change the settings for cookies means that they will be placed on the user’s terminal equipment and thus the Administrator will store information on the user’s terminal equipment and gain access to this information.

PERIOD OF PERSONAL DATA PROCESSING

The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data are processed for the duration of the service or the fulfillment of the order, until the withdrawal of the expressed consent or until an effective objection to the data processing in cases where the legal basis of the data processing is the legitimate interest of the Administrator. The data processing period may be extended, in particular in the following circumstances:

  • until the statute of limitations for potential claims arising from contracts concluded between the Administrator and the User,
  • for the time necessary to assert specific claims lodged by the Administrator or to repel them (if the User lodged claims) in connection with the concluded agreements,
  • for the time required to comply with legal obligations, including in particular tax and accounting regulations, e.g. obligations related to the retention of records in accordance with the requirements of the Accounting Act of 29 September 1994,
  • for the period necessary for the Administrator to document before the public administration authorities, including the supervisory authority in the scope of personal data protection, the correctness of fulfillment of legal obligations incumbent upon it,
  • for archiving purposes, where it concerns the history of correspondence conducted and queries answered (not directly related to the concluded agreements).

After the expiration of the processing period, the data are irreversibly deleted or anonymized.

USER RIGHTS

The user is entitled to:

  • the right to information about the processing of personal data – on this basis the Administrator provides the individual making the request with information about the processing of data, including in particular the purposes and legal basis of the processing, the scope of the data held, the entities to which they are disclosed, and the planned date of data erasure;
  • the right to obtain a copy of data – on this basis the Administrator provides a copy of the processed data to the individual who submits the request;
  • Right to rectification – the Administrator is obliged to remove any inconsistencies or errors in the processed Personal Data, and to complete them if they are incomplete;
  • the right to erasure – on this basis, the data can be erased if its processing is no longer necessary for any of the purposes for which it was collected
  • the right to restrict processing – if such a request is made, the Administrator shall cease to carry out operations on the Personal Data – with the exception of operations on which the Data Subject has given the consent – and to store them, in accordance with the adopted rules of retention, or until the reasons for the restriction of data processing cease to exist (e.g. a decision is issued by a supervisory authority allowing further processing)
  • the right to data portability – on this basis – in the extent to which the data are processed by automated means in relation to the concluded contract or the consent given – the controller sends the data provided by the data subject in a computer-readable format. It is also possible to request the data to be sent to another entity, provided that there is technical possibility to do so on the side of both the Administrator and the indicated entity;
  • Right to object to processing for marketing purposes – the Data Subject may at any time object to processing of the Personal Data for marketing purposes, without having to justify the objection;
  • Right to object to other processing purposes – the Data Subject may at any time object – on grounds relating to his or her particular situation – to the processing of Personal Data which is carried out on the basis of a legitimate interest of the Controller (e.g. for analytical or statistical purposes, or for reasons connected with the protection of property); the objection in this respect should contain a justification;
  • Right to withdraw consent – if the data are processed on the basis of the consent given, the Data Subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of processing performed before the withdrawal of consent;
  • The right to lodge a complaint – if the processing of Personal Data is considered to violate the provisions of the RODO or other provisions on the protection of Personal Data, the Data Subject may lodge a complaint with the supervisory authority supervising the processing of Personal Data competent for the Data Subject’s habitual residence, place of work or the place where the alleged breach occurred. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
    The above rights may be exercised by contacting the Controller (via e-mail at [email protected] or in writing to the address: Sandra & Co sp. z o.o. ul.Szkółkarska 25 Suchy Las 62-002.)

DATA RECIPIENTS

In connection with the provision of services, personal data will be disclosed to external entities, including in particular providers responsible for the operation of IT systems used to provide services, entities such as banks and payment operators, research companies, entities providing accounting and legal services, marketing agencies (within the scope of marketing services) and entities related to the Administrator.
If the User gives his/her consent, his/her data may also be made available to other entities for their own purposes, including marketing purposes.
The Administrator reserves the right to disclose the information concerning the User to the proper authorities or to third parties who make a request for such information on the basis of an appropriate legal basis and in accordance with the provisions of the law in force.

TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers personal data outside the EEA only when necessary, and with an adequate level of protection, primarily by:

  • cooperating with processors of personal data in countries for which a relevant European Commission decision has been issued;
  • applying standard contractual clauses issued by the European Commission;
  • applying binding corporate rules approved by the competent supervisory authority;

The controller shall always inform about the intention to transfer personal data outside the EEA at the stage of its collection.

SECURITY OF PERSONAL DATA

The Administrator conducts a risk analysis on a regular basis in order to ensure that personal data is processed by him in a secure manner, ensuring above all that only authorized persons have access to the data and only to the extent necessary for the performance of their tasks. The controller shall ensure that all operations on personal data are recorded and performed only by authorized employees and associates.

CONTACT INFORMATION

Contact with the Administrator is possible through the e-mail address [email protected] or in writing to the address:  Sandra & Co sp. z o.o., ul.Szkółkarska 25, Suchy Las 62-002

CHANGES TO THE PRIVACY POLICY

The Policy is reviewed on an ongoing basis and updated as necessary. The current version of the Policy has been adopted and is effective as of 20.11.2021.

OWSIANKA
ZA 1ZŁ

Śniadanie to najważniejszy posiłek dnia, dlatego zacznij go od przygotowania jednej z naszej nowości: owsianki z dodatkiem kakao lub matchy. Do końca tygodnia przy zamówieniu za min. 200 zł otrzymasz ją za 1 zł! Dostawa na terenie Polski jest bezpłatna. 

LANGUAGE:

CURRENCY: