PRIVACY POLICY

1. Introduction

The TRESAMIGOS.UK online store, run at the Internet address: tresamigos.uk , belonging to the company TRES AMIGOS SPÓŁKA CYWILNA MATEUSZ WÓJCIK ŁUKASZ LEŚ WOJCIECH BĄK attaches the greatest importance to the protection of the privacy of its customers in the matter of transferring personal data to the customer contact department, with a committed approach to issues of protecting customer privacy and taking responsibility for the security of their data seriously. We will clearly and transparently inform our clients about what information we collect and what we do with it

This Privacy Policy sets out the following:

What personal data do we collect and process about you in connection with being our Customer and in connection with the use of our website and online services;

  1. Where do we get the data from?
  2. What do we do with this data;
  3. How we store data;
  4. Who we transfer/disclose data to;
  5. How we exercise your right to data protection;
  6. How we comply with data protection principles.

All personal data is collected and processed in accordance with the personal data protection legislation in force in Poland and the European Union.

2. Definitions

Administrator – personal data administrator indicated in point. III of the Policy.

Personal data – all information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, online identifier and information collected via via cookies and other similar technology.

Policy – this Privacy Policy.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Website – website run by the Administrator at TRESAMIGOS.UK

User (Customer) – any natural person visiting the Website or using one or more services or functionalities described in the Policy.

3. Data of the Personal Data Administrator

We would like to kindly inform you that the administrator of your personal data is Tresos Amigos Cywilna Mateusz Wójcik Łukasz Leś Wojciech Bąk based in Orkana 5, 36-020 Tyczyn, NIP: 8133883209, REGON: 522786539, entered in the register of entrepreneurs of the National Court Register by the District Court in Rzeszów, hereinafter referred to as “TRESAMIGOS.STORE”. You can contact TRESAMIGOS regarding the protection of personal data at the following e-mail address: [email protected] .

4. Purposes and grounds for processing personal data

In order to provide services in accordance with the scope of our activities, TRESAMIGOS processes your personal data – for various purposes, but always in accordance with the law. Below you will find detailed purposes for the processing of personal data along with the legal basis.

Account registration on the Website:

People who register in the TRESAMIGOS online store are asked to provide the data necessary to create and operate an account. Providing data marked as mandatory is required to create and operate an account, and failure to provide them results in the inability to create an account. Data such as gender and date of birth may be provided by the User optionally. The above data is provided via the contact form available on the TRESAMIGOS.UK website

Personal data is processed:

  1. In order to provide services related to maintaining and servicing an account in the TRESAMIGOS online store – the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR). Alternatively, in the scope of optional data – the legal basis for processing is consent (Article 6(1)(a) of the GDPR);
  2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in conducting analyzes of your activity on the Website and how you use your account, as well as your preferences in order to improve the functionalities used ;
  3. in order to possibly determine and pursue claims or defend against them – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in the protection of his rights;
  4. for the Administrator’s marketing purposes – a detailed description of the purposes and legal basis can be found in the marketing and direct marketing tab.

Using the Website:

Personal data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Administrator:

  1. in order to provide services electronically in the scope of making content collected on the Website available to Users, providing contact forms – then the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR);
  2. in order to handle complaints – then the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR); for analytical and statistical purposes – then the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in conducting analyzes of Users’ activity as well as their preferences in order to improve the functionalities used and the services provided;
  3. in order to possibly determine and pursue claims or defend against them – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in the protection of his rights;
  4. for the Administrator’s marketing purposes – a detailed description of the purposes and legal basis can be found in the marketing and direct marketing tab.

Placing orders on the Website:

Placing an order (purchase of goods) by the Customer of the TRESAMIGOS online store involves the processing of his or her personal data. Providing data marked as mandatory is required to accept and process the order, and failure to provide it results in its failure to be processed.

Personal data is processed:

  1. in order to fulfill the placed order – the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR); in the scope of optional data, the legal basis for processing is consent (Article 6(1)(a) of the GDPR);
  2. in order to fulfill the statutory obligations imposed on the Administrator, resulting in particular from tax regulations and accounting regulations – the legal basis for processing is the legal obligation (Article 6(1)(c) of the GDPR);
  3. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in conducting analyzes of Users’ activity on the Website, as well as their purchasing preferences in order to improve the functionalities used;
  4. in order to possibly determine and pursue claims or defend against them – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in the protection of his rights.

Contact form:

The administrator provides the opportunity to contact him using an electronic contact form. Using the form requires providing personal data necessary to contact the User and answer the inquiry. Providing data marked as mandatory is required to accept and handle the inquiry, and failure to provide it results in the inability to process it.

Personal data is processed:

  1. in order to identify the sender and handle his inquiry sent via the form provided – the legal basis for processing is the necessity of processing to perform the service provision contract (Article 6(1)(b) of the GDPR);
  2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) consisting in maintaining statistics of inquiries submitted by Users via the Website in order to improve its functionality.

Marketing:

The Administrator processes Users’ personal data in order to carry out marketing activities, which may consist in:

  1. sending e-mail notifications about interesting offers or content, which in some cases contain commercial information;
  2. conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means);
  3. In order to carry out marketing activities, the Administrator in some cases uses profiling, i.e. via the so-called geolocation , obtains knowledge about the country of residence of the User using the TRESAMIGOS online store and the so-called segmentation – i.e. selecting Customers who have not placed any order since registering an account in the TRESAMIGOS online store, in order to send such a Customer an offer or a discount code to the e-mail address provided by the Customer. This means that thanks to automatic data processing, the Administrator assesses selected factors regarding natural persons in order to analyze their behavior or create a forecast.
  4. On our websites, third parties place information in the form of cookies and other similar technologies on your end device (e.g. computer, smartphone) and gain access to them. These are our trusted partners with whom we constantly cooperate to tailor advertising on our and their websites to your needs and interests, as well as the services that we and our trusted partners provide. Entities from the Wirtualna Polska capital group are such a trusted partner.

In the case of data processing operations for the above-mentioned marketing purposes, with the exception of those carried out as part of the newsletter , which operates on the basis of the regulations, the basis for such processing is the fulfillment of the purposes arising from the legitimate interests pursued by the Administrator (Article 6(1)(a) F GDPR).

Direct marketing:

If the Customer has agreed to receive marketing information via e-mail, SMS and other means of electronic communication, the User’s personal data will be processed for the purpose of sending such information. The basis for data processing is the legitimate interest of TRESAMIGOS consisting in sending marketing information within the limits of the consent granted by the User (direct marketing). The user has the right to object to the processing of data for direct marketing purposes, including profiling. The data will be stored for this purpose for the duration of the legitimate interest of TRESAMIGOS, unless the User objects to receiving information.

Social media:

The Administrator processes personal data of Users visiting the Administrator’s profiles on social media (Facebook, Instagram, You Tube , Twitter, Pinterest). This data is processed only in connection with maintaining the profile, including to inform Users about the Administrator’s activity and promoting various types of events, services and products, as well as to communicate with users via functionalities available on social media. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest (Article 6(1)(f) of the GDPR), consisting in promoting its own brand and building and maintaining a community related to the brand.

Complaint handling:

In order to consider the complaint, we process your personal data, such as: name and surname, e-mail address, order number, or home address – if the money is refunded, or bank account number – if the money is refunded.

The legal basis for such data processing is Art. 6 section 1 letter b GDPR, which allows the processing of personal data if it is necessary to perform a contract or take steps to conclude a contract.

Email notifications:

In order to send an e-mail notification to the Customer in connection with the service provided, we process personal data such as e-mail address and order number.

The legal basis for such data processing is Art. 6 section 1 letter f GDPR, which allows the processing of personal data if in this way the Personal Data Administrator pursues its legitimate interest (in this case, the interest of the Company is to inform you about activities related to the provision of the service in order to increase the comfort of using the website);

Telephone contact:

In order to contact you by phone in matters related to the provision of the service, we process personal data such as: telephone number, order number.

The legal basis for such data processing is Art. 6 section 1 letter a GDPR, which allows the processing of personal data on the basis of voluntarily granted consent;

GDPR registers and records:

In order to create registers and records related to the GDPR, including, for example, a register of customers who have raised an objection in accordance with the GDPR, we process personal data such as: name and surname, e-mail address, because, firstly, the provisions of the GDPR impose on us certain documentation obligations to demonstrate compliance and accountability, secondly, if you object, for example, to the processing of your personal data for marketing purposes, we must know who should not use direct marketing because they do not want it.

The legal basis for such data processing is, firstly, Art. 6 section 1 letter c GDPR, which allows the processing of personal data if such processing is necessary for the Personal Data Administrator to fulfill its obligations under the law; secondly, art. 6 section 1 letter f GDPR, which allows the processing of personal data if in this way the Personal Data Administrator pursues its legitimate interest (in this case, the Company’s interest is to have knowledge about persons who exercise their rights under the GDPR);

Cookies :

In order to use cookies on the website, we process such text information ( cookies will be described in a separate section). The legal basis for such processing is Art. 6 section 1 letter a GDPR, which allows the processing of personal data on the basis of voluntarily granted consent (when you first enter the website, you are asked for consent to the use of cookies );

Website administration:

In order to administer the website, we process personal data such as: IP address, server date and time, information about the web browser, information about the operating system – this data is saved automatically in the so-called server logs each time you use a website belonging to the Company. It would not be possible to administer the website without using a server and without this automatic recording. The legal basis for such data processing is Art. 6 section 1 letter f GDPR, which allows the processing of personal data if in this way the Personal Data Administrator pursues its legitimate interest (in this case, the interest of the Company is to administer the website);

Comments on the website:

In order to post a comment on the website of the TRESAMIGOS online store, we process personal data such as name and surname. The legal basis for such processing is Art. 6 section 1 letter a of the GDPR, which allows the processing of personal data on the basis of voluntarily granted consent (in this case, we assume that posting a comment is simultaneous consent to the processing of personal data).

6. Cookies

  1. TRESAMIGOS, like other entities, uses the so-called cookies , i.e. short text information saved on the user’s computer, telephone, tablet or other device. They can be read by our system, as well as by systems belonging to other entities whose services we use (e.g. Facebook, Google ).
  2. Cookies perform many functions on the website, most often useful ones, which we will try to describe below (if the information is insufficient, please contact us):
    1. ensuring security – cookies are used to authenticate users and prevent unauthorized use of the Customer panel. They are therefore used to protect the Customer’s personal data against access by unauthorized persons;
    2. impact on the processes and efficiency of using the website – cookies are used to ensure that the website operates efficiently and that it is possible to use the functions available on it, which is possible, among other things, by remembering settings between subsequent visits to the website. Thanks to them, you can efficiently navigate the website and individual subpages;
    3. session state – cookies often store information about how visitors use the website, e.g. which subpages they view most often. They also enable the identification of errors displayed on some subpages. Cookies used to save the so- called “session state” therefore help to improve services and increase the comfort of browsing websites;
    4. maintaining the session state – if the Customer logs in to their panel, cookies enable the session to be maintained. This means that after switching to another subpage, you do not have to re-enter your login and password each time, which improves the comfort of using the website;
    5. creating statistics – cookies are used to analyze how Users use the website (how many people open the website, how long they stay on it, which content arouses the greatest interest, etc.). Thanks to this, it is possible to constantly improve the website and adapt its operation to Users’ preferences. To track activity and create statistics, we use Google tools such as Google Analytics; in addition to reporting website usage statistics, pixel Google Analytics may also be used, together with some of the cookies described above , to help display more relevant content to the user on Google services (e.g. Google search) and across the web;
    6. using social media functions – on the website we have the so-called Facebook and Instagram pixel , which allows you to like our fanpage on these websites while using the website. However, to make this possible, we must use cookies provided by Facebook and Instagram.
  3. Importantly, many cookies are anonymized for us – without additional information, we are unable to identify your identity based on them.
  4. Your web browser allows the use of cookies on your device by default, so on your first visit, please consent to the use of cookies . However, if you do not wish to use cookies when browsing the website, you can change the settings in your web browser – completely block the automatic handling of cookies or request notification each time cookies are placed on your device. You can change the settings at any time.
  5. While respecting the autonomy of all people using the website, we feel obliged to warn you that disabling or limiting the use of cookies may cause quite serious difficulties in using the website, e.g. the need to log in on each subpage, longer page loading times. , restrictions on the use of functionalities, restrictions on liking the Facebook page, etc.

7. Right to withdraw consent

  1. If the processing of personal data is based on consent, you may withdraw this consent at any time – at your own discretion.
  2. If you would like to withdraw your consent to the processing of personal data, all you need to do is:
    1. send an email directly to TRESAMIGOS at [email protected] l
    2. check the appropriate box in the Customer panel, in the “My Account” tab → “Personal Data” or
    3. click on the link in the email, attached to the end of each message you send.
  3. If the processing of your personal data was based on consent, its withdrawal does not make the processing of personal data up to that point illegal. In other words, until you withdraw your consent, we have the right to process your personal data and its withdrawal does not affect the lawfulness of the existing processing.

8. Requirement to provide personal data

  1. Providing any personal data is voluntary and depends on your decision. However, in some cases, providing certain personal data is necessary to meet your expectations regarding the use of the services offered by TRESAMIGOS.
  2. In order to be able to process your order, it is necessary to provide your e-mail address – without it, we are unable to provide information about the status of order processing electronically.
  3. In order for you to receive your order, it is necessary to provide your address details – without this we are unable to deliver the order.
  4. In order to contact you, it is necessary to provide your telephone number – without it, we are unable to contact you in case of questions regarding the order, delivery or significant changes in the TRESAMIGOS offer.

9. Automated decision-making and profiling

In order to carry out marketing activities, the Administrator uses profiling in some cases, i.e. via the so-called geolocation , obtains knowledge about the country of residence of the User using the TRESAMIGOS online store and the so-called segmentation – i.e. selecting Customers who have not placed any order since registering an account in the TRESAMIGOS online store, in order to send such User an offer or a discount code to the e-mail address provided by the Customer. This means that thanks to automatic data processing, the Administrator assesses selected factors regarding natural persons in order to analyze their behavior or create a forecast.

10. Recipients of personal data

  1. In connection with the provision of services, your personal data will be disclosed to external entities, in particular suppliers responsible for operating IT systems, entities such as banks and payment operators, entities providing accounting, legal, auditing, consulting services, couriers (in connection with order fulfillment), marketing agencies (in the field of marketing services) and entities related to the Administrator and commercial partners.
  2. If your consent is obtained, the data may also be made available to other entities for their own purposes, including marketing purposes.
  3. The Administrator reserves the right to disclose selected information about you to the competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law. It is extremely difficult for us to predict who may request personal data. However, we assure you that we analyze each request to provide personal data very carefully and thoroughly so as not to accidentally provide information to an unauthorized person.

11. Transfer of personal data to third countries

The level of protection for personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and with an adequate level of protection. The administrator always informs about the intention to transfer personal data outside the EEA at the stage of collection. The Administrator transfers personal data outside the EEA only when the Customer orders the order to be processed (sent) outside the EEA.

12. Personal data processing period

  1. In accordance with applicable law, we do not process your personal data “indefinitely”, but for the time necessary to achieve the designated goal. After this period, your personal data will be irreversibly deleted or destroyed.
  2. If we do not need to perform any operations on your personal data other than storing them (e.g. fulfilling an order), we additionally secure them by pseudonymization until they are permanently deleted or destroyed . Pseudonymization involves encrypting personal data or a set of personal data in such a way that they cannot be read without an additional key, and therefore such information becomes completely useless to an unauthorized person.
  3. Regarding individual periods of personal data processing, we kindly inform you that we process personal data for the period:
    1. duration of the contract – in relation to personal data processed for the purpose of concluding and performing the contract;
    2. 3 years or 10 years + 1 year – in relation to personal data processed for the purpose of establishing, pursuing or defending claims (the length of the period depends on whether both parties are entrepreneurs or not);
    3. 6 months – in relation to personal data that was collected when pricing the service and at the same time the contract was not concluded immediately;
    4. 5 years – in relation to personal data related to the fulfillment of obligations under tax law;
    5. until consent is withdrawn or the purpose of processing is achieved, but no longer than 5 years – in relation to personal data processed on the basis of consent;
    6. until an effective objection is raised or the purpose of processing is achieved, but no longer than 5 years – in relation to personal data processed on the basis of the legitimate interest of the Personal Data Administrator or for marketing purposes;
    7. until it becomes obsolete or becomes irrelevant, but no longer than 3 years – in relation to personal data processed mainly for analytical purposes, the use of cookies and website administration.
  4. We count the periods in years from the end of the year in which we started processing personal data in order to improve the process of deleting or destroying personal data. Calculating the deadline separately for each event would involve significant organizational and technical difficulties, as well as significant financial outlay, therefore establishing a single date for deleting or destroying personal data allows us to manage this process more efficiently. Of course, if you exercise your right to be forgotten, such situations are considered individually.
  5. The additional year related to the processing of personal data collected for the purposes of performing the contract is dictated by the fact that, hypothetically, you may submit a claim just before the expiry of the limitation period, the request may be delivered with a significant delay or you may incorrectly determine the limitation period for your claim.

13. Rights of data subjects

  1. We kindly inform you that you have the right to:
    1. access to your personal data;
    2. rectification of personal data;
    3. deletion of personal data;
    4. restrictions on the processing of personal data;
    5. object to the processing of personal data;
    6. transfer of personal data.
  2. We respect your rights arising from the provisions on the protection of personal data and we try to facilitate their implementation to the highest possible extent.
  3. We would like to point out that the above-mentioned rights are not absolute, and therefore in some situations we may legally refuse to fulfill them. However, if we refuse to comply with the request, we do so only after careful analysis and only when refusing to comply with the request is necessary.
  4. Regarding the right to object, we explain that you have the right to object to the processing of personal data at any time based on the legitimate interest of the Personal Data Administrator (listed in point V) in connection with your particular situation. However, you must remember that, in accordance with the regulations, we may refuse to accept your objection if we demonstrate that:
    1. there are legitimate grounds for processing that override your interests, rights and freedoms or
    2. there are grounds for establishing, pursuing or defending claims.
  5. Moreover, you may object to the processing of your personal data for marketing purposes at any time. In such a situation, after receiving your objection, we will stop processing for this purpose.
  6. You can exercise your rights by:
    1. sending an email directly to TRESAMIGOS at [email protected] or
    2. click on the link in the email, attached to the end of each message you send.

14. Right to lodge a complaint

If you believe that your personal data is being processed contrary to applicable law, you may lodge a complaint with the President of the Personal Data Protection Office.

15. Final provisions

  1. To the extent not regulated by this Privacy Policy, personal data protection regulations apply.
  2. You will be notified by e-mail about any changes made to this Privacy Policy.
  3. The privacy policy is constantly verified and updated, if necessary.
  4. This Privacy Policy is effective as of May 25, 2018.