0
Your Cart
0
Your Cart

Privacy Policy

Privacy Policy

The controller of personal data responsible for their processing is:

CREAMY MINT Magdalena Wójciak
Ofiar Oświęcimskich 10/7
50-069 Wrocław ​​
biuro@sobio.com.pl

Phone: 48 881 327 945

Thank you for your interest in our online store. Protecting your privacy is very important to us. Below you will find detailed information on how your personal data is handled.

1. Access Data and Hosting

Our websites may be visited without providing any personal data. Each time a website is accessed, the server automatically stores so-called server log files, such as the name of the requested file, your IP address, the date and time of access, the volume of data transferred, and the requesting Internet service provider (access logs), and documents the page request.

These data are analysed solely to ensure the proper functioning of our website and to improve our offer. This constitutes our legitimate interest pursuant to Article 6(1)(f) GDPR in the correct and optimal presentation of our website and services. All access data are deleted no later than seven days after the end of your visit.

 Hosting

Hosting and website display services are partly provided on our behalf by external service providers acting as data processors. Unless otherwise stated in this Privacy Policy, all access data and data collected via forms on our website are processed on their servers.

If you have any questions regarding our service providers and the basis of our cooperation with them, please contact us using the details provided in section “Our contact details and your rights”.

2. Collection and Processing of Data for Contract Performance, Contact Purposes and Customer Accounts

We collect personal data only when you voluntarily provide it to us when placing an order, contacting us (e.g. via a contact form or email), or creating a customer account. Mandatory fields are marked accordingly, as the information they contain is required to perform the contract or process your enquiry.

The scope of collected data results directly from the respective input forms. The data you provide are processed in accordance with Article 6(1)(b) GDPR for the purpose of contract performance and responding to enquiries. Where you consent to the creation of a customer account pursuant to Article 6(1)(a) GDPR, your personal data will be processed for this purpose.

Further information regarding data processing, in particular data transfers to service providers for order fulfilment, payment and delivery, can be found in the subsequent sections of this Privacy Policy.

After full performance of the contract or deletion of your customer account, your data will be restricted and deleted after expiry of statutory retention periods under tax and accounting regulations (Article 6(1)(c) GDPR), unless you have expressly consented to further use (Article 6(1)(a) GDPR) or we are legally entitled to continue processing the data, as explained in this Privacy Policy.

Your customer account may be deleted at any time by contacting us or using the relevant function in your account settings.

Merchandise Management System

For order processing and contract fulfilment, we also use an external merchandise management system. Our service providers act as data processors under a data processing agreement. For details, please contact us using the information provided below.

3. Data Transfer for Delivery Purposes

For contract fulfilment (Article 6(1)(b) GDPR), your data are passed on to the shipping company selected during the ordering process in order to deliver the ordered products.

4. Data Processing for Payment Purposes

To process payments in our online store, we cooperate with external payment service providers and transfer your data to the payment provider selected during checkout. This processing is necessary for contract performance (Article 6(1)(b) GDPR).

Fraud Prevention and Payment Optimisation

In certain cases, additional information may be transmitted to payment service providers to prevent fraud and optimise payment processes (e.g. invoicing, disputed payment analysis, accounting support). This is based on our legitimate interest pursuant to Article 6(1)(f) GDPR.

Instalment Purchases

If you choose instalment payments and give your consent (Article 6(1)(a) GDPR), your personal data and transaction details will be transferred to our partner PayU S.A., Grunwaldzka 186, 60-166 Poznań, Poland, for payment processing and credit assessment.

PayU may obtain information from publicly available databases and credit reference agencies. Details are available in PayU’s Privacy Notice:
https://poland.payu.com/nota-o-prywatnosci-payu/

Consent may be withdrawn at any time with effect for the future.

5. Marketing Channels: Email

Newsletter Subscription

If you subscribe to our newsletter, we will use your email address to send regular updates based on your consent (Article 6(1)(a) GDPR). You may unsubscribe at any time via the link in the newsletter or by contacting us.

Newsletter Distribution

The newsletter is sent via an external service provider acting as a data processor. Some providers are based in the USA. Data transfers are safeguarded using Standard Contractual Clauses approved by the European Commission.

Review Invitations

If you consent, we may send you email invitations to review your purchase. This service may be provided by Trusted Shops, which may use subcontractors in the USA under appropriate data protection safeguards.

6. Cookies and Similar Technologies

General Information

To enhance usability and ensure proper website functionality, we use cookies and similar technologies. Cookies are small text files stored on your device. Some are session cookies, others are persistent cookies.

Essential technologies are used pursuant to Article 6(1)(f) GDPR to ensure optimal presentation of our offer. Additional tools for analytics and marketing are used only with your consent (Article 6(1)(a) GDPR).

You may withdraw consent at any time by contacting us.

7. Analytics and Marketing Tools

With your consent, we use tools provided by third parties, including Google Analytics, Google Maps, Google Fonts, YouTubeFacebook PixelFacebook AnalyticsFacebook AdsAdobe Fonts, and Tidio Live Chat.

Data transfers to the USA are safeguarded by Standard Contractual Clauses.

8. Social Media

We use social media plugins and maintain profiles on platforms such as Facebook, Instagram, Twitter (X), YouTube, Pinterest and LinkedIn.

When visiting our profiles, your data may be processed for analytics and marketing purposes based on your consent. Details are available in the respective platforms’ privacy policies.

 9. Our Contact Details and Your Rights

You have the following rights under the GDPR:

  • Right of access (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to erasure (“right to be forgotten”) (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Right to Object

Where data are processed based on legitimate interests, you may object at any time with effect for the future. For direct marketing purposes, processing will cease immediately upon objection.

Where data are processed based on legitimate interests, you may object at any time with effect for the future. For direct marketing purposes, processing will cease immediately upon objection.