Skip to main content
Crispy Natural - Naturally Crispy Snacks
Open search engine
Search
Close search engine Clear Search
English / zł
Products in the cart: 0. See details

Your cart is empty

Privacy Policy

 

 

PRIVACY POLICY
OF THE ONLINE STORE SKLEP.CRISPYNATURAL.PL

 

TABLE OF CONTENTS:
1. GENERAL PROVISIONS
2. LEGAL BASIS FOR DATA PROCESSING
3. PURPOSE, LEGAL BASIS, AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
4. DATA RECIPIENTS IN THE ONLINE STORE
5. PROFILING IN THE ONLINE STORE
6. RIGHTS OF THE DATA SUBJECT
7. COOKIES IN THE ONLINE STORE AND ANALYTICS
8. PFINAL PROVISIONS

 

1. GENERAL PROVISIONS
1.1. This privacy policy of the Online Store is for informational purposes only, which means it is not a source of obligations for Service Recipients or Customers of the Online Store. The privacy policy primarily contains rules regarding the processing of personal data by the Administrator in the Online Store, including the legal bases, purposes, and scope of personal data processing, and the rights of persons whose data is processed, as well as information on the use of cookies and analytical tools in the Online Store.
1.2. The administrator of personal data collected via the Online Store is CRISPY NATURAL SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ SPÓŁKA KOMANDYTOWA, based in Kalisz (registered office and correspondence address: ul. Łódzka 145A, 62-800 Kalisz), entered in the Register of Entrepreneurs of the National Court Register under KRS number: 0000467337, maintained by the District Court in Poznań – Nowe Miasto i Wilda, IX Commercial Division; NIP: 6182144296; REGON: 302460943; e-mail: sklep@crispynatural.pl; phone: +48 62-765-49-11 – hereinafter referred to as the "Administrator", who is also the Service Provider and Seller of the Online Store.
1.3. Contact details of the Data Protection Officer appointed by the Administrator: Mariola Wegner, email: dane.osobowe@crispynatural.pl
1.4. Personal data in the Online Store is processed by the Administrator in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR).
1.5. Using the Online Store, including making purchases, is voluntary. Likewise, providing personal data by the user or customer is voluntary, except in two cases: (1) When concluding agreements with the Administrator – providing personal data indicated on the Online Store website, Terms & Conditions, or this privacy policy is necessary. If not provided, it is impossible to conclude an agreement. (2) Legal obligations – providing data is required by law (e.g. for accounting/tax purposes). If not provided, the Administrator cannot fulfill such obligations.
1.6. The Administrator ensures that personal data is: (1) processed lawfully; (2) collected for specified, lawful purposes; (3) correct and relevant; (4) stored no longer than necessary and (5) processed securely, preventing unauthorized access, modification, loss, or damage.
1.7. Considering the nature, scope, context, and purposes of processing as well as the risk to individuals' rights and freedoms, the Administrator implements technical and organizational measures to ensure GDPR compliance. These measures are reviewed and updated as necessary.
1.8. All terms used with capital letters (e.g. Seller, Online Store, Electronic Service) should be understood in accordance with their definitions in the Online Store’s Terms and Conditions.


2. LEGAL BASIS FOR DATA PROCESSING
2.1. The Controller is entitled to process personal data when – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) the processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
2.2. The processing of personal data by the Controller requires that at least one of the legal bases indicated in section 2.1 of this Privacy Policy applies. The specific legal bases for the processing of personal data of Service Recipients and Customers of the Online Store by the Controller are indicated in the following section of the Privacy Policy – in relation to the specific purpose of personal data processing by the Controller.

3. PURPOSE, BASIS, AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
3.1. In each case, the purpose, legal basis, duration, and recipients of personal data processed by the Controller result from the actions undertaken by the given Service Recipient or Customer in the Online Store or by the Controller.
3.2. The Controller may process personal data within the Online Store for the following purposes, on the bases and for the durations specified in the table below:

 

Purpose of data processing

Legal basis for data processing

Data retention period

Performance of a Sales Agreement or an Electronic Service Agreement, or taking actions at the request of the data subject prior to concluding the aforementioned agreements

Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.

 

Data is retained for the period necessary to perform, terminate, or otherwise expire the concluded Sales Agreement or Electronic Service Agreement.

Sending commercial information, including direct marketing, using telecommunication terminal equipment (e.g., email, telephone) or automated calling systems

Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, which include direct marketing — aimed at protecting the interests and good reputation of the Controller, its Online Store, and pursuing the sale of Products — for example, in connection with the prior consent given by the data subject (e.g., when subscribing to the Newsletter) to receive commercial information using telecommunication terminal equipment such as email or telephone, depending on the scope of the consent granted.

Data is retained for the duration of the legitimate interest pursued by the Controller, but no longer than the statute of limitations period for claims the Controller may have against the data subject arising from the Controller’s business activity. The limitation periods are defined by law, in particular by the Civil Code (the basic limitation period for claims related to business activities is three years, and for the Sales Agreement, two years).

The Controller may not process data for direct marketing purposes if the data subject has effectively objected to such processing.

Additionally, where the legal basis for processing is consent, data is stored until the data subject withdraws their consent for further processing of their data for the specific purpose indicated in that consent, without affecting the lawfulness of processing carried out based on consent before its withdrawal.

Providing the Customer’s feedback on the concluded Sales Agreement

Article 6(1)(a) of the GDPR – the data subject has given consent to the processing of their personal data for the purpose of providing feedback.

 

Data is stored until the data subject withdraws their consent for further processing of their data for this purpose.

Maintaining accounting records

Article 6(1)(c) of the GDPR in connection with Article 74(2) of the Accounting Act of January 30, 2018 (Journal of Laws of 2018, item 395) – processing is necessary for compliance with a legal obligation to which the Controller is subject.

 

Data is retained for the period required by law for the Controller to store accounting records (5 years, counted from the beginning of the year following the financial year to which the data relate).

Establishing, pursuing, or defending claims that the Controller may assert or that may be asserted against the Controller

Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, consisting in establishing, pursuing, or defending claims that the Controller may assert or that may be asserted against the Controller.

 

Data is retained for the duration of the legitimate interest pursued by the Controller, but no longer than the statute of limitations period for claims that may be asserted against the Controller (the basic limitation period for claims against the Controller is six years).

Use of the Online Store website and ensuring its proper functioning

Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, consisting in operating and maintaining the Online Store website.

Data is retained for the duration of the legitimate interest pursued by the Controller, but no longer than the statute of limitations period for claims the Controller may have against the data subject arising from the Controller’s business activity. The limitation periods are defined by law, in particular by the Civil Code (the basic limitation period for claims related to business activities is three years, and for the Sales Agreement, two years).

Conducting statistics and analyzing traffic on the Online Store

Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, consisting of conducting statistics and analyzing traffic on the Online Store to improve its functioning and increase Product sales.

Data is retained for the duration of the legitimate interest pursued by the Controller, but no longer than the statute of limitations period for claims the Controller may have against the data subject arising from the Controller’s business activity. The limitation periods are defined by law, in particular by the Civil Code (the basic limitation period for claims related to business activities is three years, and for the Sales Agreement, two years).

 

4. DATA RECIPIENTS IN THE ONLINE STORE
4.1. For the proper functioning of the Online Store, including the execution of concluded Sales Agreements, it is necessary for the Controller to use the services of external entities (such as software providers, couriers, or payment service providers). The Controller uses only such processors who provide sufficient guarantees of implementing appropriate technical and organizational measures so that processing complies with the GDPR requirements and protects the rights of data subjects.
4.2. Personal data may be transferred by the Controller to a third country; however, the Controller ensures that in such cases the transfer will be made only to countries providing an adequate level of protection — compliant with the GDPR — or, in the case of other countries, the transfer will be based on standard contractual clauses. The Controller ensures that the data subject has the right to obtain a copy of their data. The Controller transfers collected personal data only when and to the extent necessary to achieve the specific purpose of data processing consistent with this Privacy Policy.
4.3. The Controller does not transfer data in every case or to all recipients or categories of recipients listed in the Privacy Policy — data is transferred only when necessary to fulfill the specific purpose of data processing and only to the extent required for that purpose. For example, if the Customer uses personal pickup, their data will not be transferred to a carrier cooperating with the Controller.
4.4. Personal data of Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
4.4.1. Carriers / freight forwarders / courier brokers — in the case of a Customer who chooses postal or courier delivery of the Product, the Controller provides the collected personal data of the Customer to the selected carrier, freight forwarder, or intermediary performing shipments on behalf of the Controller, to the extent necessary to complete delivery of the Product to the Customer.
4.4.2. Entities handling electronic or card payments — in the case of a Customer using electronic or card payments in the Online Store, the Controller provides the collected personal data of the Customer to the selected payment service provider acting on behalf of the Controller, to the extent necessary to process the payment made by the Customer.
4.4.3. Providers of survey systems — in the case of a Customer who has agreed to provide feedback on the concluded Sales Agreement, the Controller provides the collected personal data of the Customer to the selected provider of survey systems used for collecting feedback on Sales Agreements in the Online Store, acting on behalf of the Controller, to the extent necessary for the Customer to provide feedback via the survey system.
4.4.4. Providers of technical, IT, and organizational solutions enabling the Controller to conduct business, including the Online Store and Electronic Services offered through it (in particular, software providers for running the Online Store, email and hosting providers, and providers of business management software and technical support) — the Controller provides collected personal data of the Customer to the selected provider acting on its behalf only when and to the extent necessary to achieve the specific purpose of data processing consistent with this Privacy Policy.
4.4.5. Providers of accounting, legal, and advisory services supporting the Controller (in particular, accounting offices, law firms, or debt collection companies) — the Controller provides collected personal data of the Customer to the selected provider acting on its behalf only when and to the extent necessary to achieve the specific purpose of data processing consistent with this Privacy Policy.
4.4.6. Providers of social plugins, scripts, and other similar tools embedded on the Online Store website, enabling the visitor's browser to fetch content from the providers of those plugins (e.g., logging in using social media credentials) and transfer the visitor’s personal data to those providers, including:
4.4.6.1. Meta Platforms Ireland Ltd. — The Controller uses Facebook social plugins on the Online Store website (e.g., Like, Share buttons, or Facebook login). Accordingly, it collects and shares personal data of the Service Recipient using the Online Store website with Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to the extent and in accordance with the privacy policies available here: https://www.facebook.com/about/privacy/ (this data includes information about activities on the Online Store website — including device information, visited websites, purchases, viewed advertisements, and service usage — regardless of whether the Service Recipient has a Facebook account and is logged in to Facebook).


5. PROFILING IN THE ONLINE STORE
5.1. The GDPR imposes on the Controller the obligation to inform about automated decision-making, including profiling, referred to in Articles 22(1) and 22(4) of the GDPR, and — at least in these cases — essential information on the principles of such decisions, as well as the significance and anticipated consequences of such processing for the data subject. With this in mind, the Controller provides in this section of the Privacy Policy information regarding possible profiling.
5.2. The Controller may use profiling in the Online Store for the purposes of direct marketing, but decisions made by the Controller based on profiling do not concern the conclusion or refusal to conclude a Sales Agreement, nor the possibility of using Electronic Services in the Online Store. The effect of profiling in the Online Store may be, for example, granting a discount to a person, sending them a discount code, reminding them of unfinished purchases, sending proposals for Products that may match the person’s interests or preferences, or offering better conditions compared to the standard Online Store offer. Despite profiling, the person freely decides whether to use the received discount or better conditions and make a purchase in the Online Store.
5.3. Profiling in the Online Store consists of the automatic analysis or prediction of a person’s behavior on the Online Store website, e.g., by adding a specific Product to the cart, browsing a specific Product page in the Online Store, or analyzing the purchase history in the Online Store. A condition for such profiling is that the Controller possesses the personal data of the person in order to be able to send, for example, a discount code.
5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.


6. RIGHTS OF THE DATA SUBJECT
6.1. Right of access, rectification, restriction, erasure, or data portability – the data subject has the right to request from the Controller access to their personal data, rectification, erasure ("right to be forgotten"), or restriction of processing, as well as the right to object to processing, and the right to data portability. Detailed conditions for exercising these rights are specified in Articles 15–21 of the GDPR.
6.2.Right to withdraw consent at any time – a person whose data is processed by the Controller based on consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
6.3. Right to lodge a complaint with a supervisory authority – a person whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedures specified in the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
6.4. Right to object – a data subject has the right to object at any time, for reasons related to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interests of the Controller), including profiling based on these provisions. In such a case, the Controller may no longer process the personal data unless they demonstrate compelling legitimate grounds for processing which override the interests, rights, and freedoms of the data subject or grounds for establishing, exercising, or defending legal claims.
6.5. Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling to the extent that it relates to such direct marketing.
6.6. To exercise the rights mentioned in this section of the Privacy Policy, one may contact the Controller by sending a relevant message in writing or by email to the Controller’s address indicated at the beginning of the Privacy Policy, or by using the contact form available on the Online Store website.


7. COOKIES IN THE ONLINE STORE AND ANALYTICS
7.1. Cookies are small text files sent by a server and stored on the device of the visitor to the Online Store website (e.g., on the hard drive of a computer or laptop, or on the memory card of a smartphone — depending on the device used by the visitor). Detailed information about cookies and their history can be found, among others, here: https://en.wikipedia.org/wiki/HTTP_cookie.
7.2. The Controller may provide a tool on the Online Store website for easy and active management of cookies — available upon first entering the site and thereafter accessible in the lower corner of the page after closing the tool. Active management allows, among other things, checking which cookies are or may be stored during site use, as well as selecting and later changing the scope and purposes of cookie usage for the device and visitor. Upon starting to use the site, the visitor will be asked to choose cookie settings. These settings can be changed later via the cookie management tool available on the site.
7.3. Below, the Controller provides a number of details concerning the use of cookies on the Online Store website, their types, purposes, and management — for example, through web browser settings and/or the cookie management tool available on the site. The Controller encourages the use of the cookie management tool available on the site, which allows easy active management of cookies during site usage, or if this tool is unavailable, to familiarize oneself with the following information, including managing cookies through browser settings.
7.4. Cookies that may be sent by the Online Store website can be divided into different types according to the following criteria:

 

Based on their provider:

  1. first-party cookies (created by the Online Store website of the Controller), and
  2. third-party cookies (belonging to persons/entities other than the Controller)

Based on their storage duration on the visitor’s device:

  1. session cookies (stored until the user logs out of the Online Store or closes the web browser), and
  2. persistent cookies (stored for a specified period defined by each cookie’s parameters or until manually deleted)

Based on their purpose:

  1. necessary cookies (enabling the proper functioning of the Online Store website),
  2. functional/preference cookies (enabling the Online Store website to be adapted to the visitor’s preferences),
  3. analytical and performance cookies (collecting information about how the Online Store website is used),
  4. marketing, advertising, and social media cookies (collecting information about the visitor to display personalized ads and conduct other marketing activities, including on websites other than the Online Store, such as social media platforms or other sites belonging to the same advertising networks as the Online Store).

 

7.5. The Controller may process data contained in cookies during visitors’ use of the Online Store website for the following specific purposes:

 

Purposes of Using Cookies in the Administrator’s Online Store

identification of Users as logged into the Online Store and displaying their logged-in status (necessary cookies)

remembering Products added to the cart for order placement (necessary cookies)

remembering data from completed Order Forms, surveys, or login data for the Online Store (necessary and/or functional/preference cookies)

customizing the content of the Online Store website according to the User’s individual preferences (e.g., colors, font size, page layout) and optimizing the use of the Online Store pages (functional/preference cookies)

conducting anonymous statistics showing how the Online Store website is used (analytical and performance cookies)

displaying and rendering advertisements, limiting the number of ad impressions, ignoring ads the User does not wish to see, measuring ad effectiveness, as well as personalizing ads — i.e., studying the behavior characteristics of visitors to the Online Store through anonymous analysis of their activities (e.g., repeated visits to certain pages, keywords, etc.) to create their profile and deliver ads matched to their predicted interests, including when they visit other websites within the advertising networks of Google Ireland Ltd. and Meta Platforms Ireland Ltd. (marketing, advertising, and social media cookies)

 

7.6. Checking which cookies are currently sent by the Online Store website is possible, regardless of the web browser used, by means of tools available for example at: https://www.cookiemetrix.com or https://www.cookie-checker.com.
7.7. By default, most web browsers on the market accept cookies automatically. Everyone can specify cookie usage conditions via their own web browser settings. This means that it is possible, for example, to partially restrict (e.g., temporarily) or completely disable cookie storage — although in the latter case this may affect some functionalities of the Online Store (for example, it may become impossible to complete the Order process through the Order Form due to products not being remembered in the cart during subsequent order steps).
7.8. Web browser cookie settings are important from the perspective of consent to cookie use by our Online Store — according to regulations, such consent may also be expressed through browser settings. Detailed information on how to change cookie settings and how to delete cookies manually in the most popular web browsers is available in their respective help sections and on the following pages (just click the link):
w przeglądarce Chrome
w przeglądarce Firefox
w przeglądarce Internet Explorer
w przeglądarce Opera
w przeglądarce Safari
w przeglądarce Microsoft Edge
7.9. The Controller may use Google Analytics, Google Tag Manager, Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the Online Store. These services help the Controller to maintain statistics and analyze traffic on the Online Store website. The collected data are processed within these services to generate statistics helpful for managing the Online Store and analyzing its traffic. The data are aggregated. By using these services, the Controller collects data such as sources and mediums of visitors’ acquisition to the Online Store, their behavior on the website, device and browser information, IP addresses and domains, geographic data, as well as demographic data (age, gender) and interests.
7.10. It is possible for individuals to easily block the sharing of their activity data with Google Analytics — for example, by installing a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=en.
7.11. Due to the possibility of the Controller using advertising and analytical services provided by Google Ireland Ltd. in the Online Store, the Controller informs that full information on the data processing practices of visitors (including cookie data) by Google Ireland Ltd. can be found in Google’s privacy policy available at: https://policies.google.com/technologies/partner-sites.
7.12. Ahe Controller may use the Meta Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) in the Online Store. This service helps measure ad effectiveness and learn about actions taken by visitors to the Online Store, as well as display personalized ads to these visitors. Detailed information about the Meta Pixel can be found at: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
7.13. Management of the Meta Pixel operation is possible through the ad settings in one’s Facebook account at: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
7.14. The Controller may use the WebePartners service provided by WEBEPARTNERS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ based in Wrocław, Poland (ul. Jana Stanki 2, 52-423 Wrocław). This service helps learn what actions visitors take on the Online Store. Detailed information about WebePartners is available at: https://webepartners.pl/blog/link-afiliacyjny-jak-na-nim-zarabiac/.


8. FINAL PROVISIONS
8.1. The Online Store may contain links to other websites. The Administrator encourages users to review the privacy policies applicable on those sites after navigating to them. This privacy policy applies only to the Administrator’s Online Store.