Privacy Policy

Cancel the contract here

Privacy and Cookies Policy
LUVMÉ


§1 DATA CONTROLLER AND GENERAL INFORMATION

  1. Terms used in the Online Store Regulations shall apply accordingly to this Privacy Policy.
  2. The owner and operator of the Online Store and the Data Controller of Users' personal data is LVM Monika Matera, NIP: 7311989531, REGON: 101750065, hereinafter referred to as the "Controller" or "Service Provider".
  3. Direct contact with the Service Provider and all electronic correspondence regarding the Online Store's operations should be sent to the email address: hello@luvme.eu.
  4. The Data Controller is responsible for the security of personal data provided and for processing it in accordance with applicable law.
  5. Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: "GDPR"), and other applicable data protection regulations.
  6. The Controller has implemented appropriate technical and organisational measures to ensure the protection of processed personal data, proportionate to the risks and categories of protected data. These measures are intended, in particular, to secure data against accidental or unlawful destruction, loss, modification, unauthorised disclosure or access.
  7. The Controller ensures that personal data is processed in accordance with the principles of lawfulness, fairness, and transparency, and only to the extent necessary to achieve the purposes for which it was collected.
  8. The Controller provides information about the use of cookies and other similar internet technologies in the subsequent part of the Privacy Policy.



    PART I – PERSONAL DATA PROCESSING
  9. Providing personal data by the User is generally voluntary, but in some cases, it may be necessary for concluding and executing the Sales Agreement, providing electronic services, managing a customer account, fulfilling an order, or performing legal obligations incumbent on the Controller.
  10. Failure to provide personal data marked as required may prevent the fulfillment of an order, the provision of selected services, or the performance of obligations arising from legal provisions.
  11. The scope of required personal data is always limited to the minimum necessary for the purpose for which the data is processed.
  12. Refusal to provide personal data may result in refusal to conclude or execute a Sales Agreement, provide electronic services, or limit the functionality of the Online Store.


§2 TYPES OF PERSONAL DATA PROCESSED

  1. Within the operation of the Online Store, the Controller may collect and process, in particular, the following personal data of Users:
  2. Full name – for order fulfillment, Customer Account management, and electronic service provision;
  3. phone number – for contacting the User regarding order fulfillment or provided services;
  4. Email address – serving as the primary identification data of the User, used for Customer Account management, order fulfillment, and communication with the User; if separate consent is given, the email address may also be used for sending newsletters or marketing information;
  5. Address details – necessary for order fulfillment and product delivery;
  6. Payment details – to the extent necessary for processing payments for orders;
  7. Device IP address and technical data – information resulting from the operation of internet connections, used for technical, security, diagnostic, and statistical purposes;
  8. Cookies and data stored in system logs, including information about the User's mobile device – to ensure the proper functioning of the Online Store, enhance security, optimize website performance, and adapt functionalities to the User's preferences. Detailed information regarding cookies can be found in the subsequent part of the Privacy Policy.
  9. The source of processed personal data is the User, who voluntarily provides their personal data when using the Online Store, placing an order, contacting the Controller, or using available services.


    §3 PURPOSES OF PERSONAL DATA PROCESSING

    Users' personal data may be processed by the Controller for the following purposes:
  10. fulfilling orders placed in the Online Store, managing Customer Accounts, and providing electronic services – based on Article 6(1)(b) GDPR ("performance of a contract");
  11. fulfilling legal obligations incumbent on the Controller, in particular those arising from tax and accounting regulations, including issuing and storing accounting and tax documents – based on Article 6(1)(c) GDPR ("legal obligation");
  12. handling inquiries sent by Users electronically or via the contact form – based on Article 6(1)(f) GDPR ("legitimate interest of the Controller"), consisting of ensuring contact with Users and responding to messages sent;
  13. conducting marketing activities concerning the Controller's products and services, including sending newsletters – based on Article 6(1)(f) GDPR ("legitimate interest of the Controller") or based on granted consent, if required by applicable law;
  14. improving the quality of services provided, analyzing User activity, conducting customer satisfaction surveys, and adapting Online Store functionalities to User needs – based on Article 6(1)(f) GDPR ("legitimate interest of the Controller");
  15. creating analyses, statistics, and summaries regarding the use of the Online Store, for the purpose of developing the Controller's business and optimising marketing and sales activities – based on Article 6(1)(f) GDPR;
  16. ensuring the security of the Online Store, preventing abuse, and protecting against illegal activities – based on Article 6(1)(f) GDPR;
  17. pursuing claims or defending against claims related to the operation of the Online Store, concluded agreements, or provided services – based on Article 6(1)(f) GDPR ("legitimate interest of the Controller").
  18. Personal data will be processed for the period necessary to achieve the purpose for which it was collected, and after its completion, for the period required by law or until the statute of limitations for any potential claims.
  19. In the case of data processing based on User consent, data will be processed until consent is withdrawn, without affecting the lawfulness of processing carried out before its withdrawal.


    §4 PERIODS OF PERSONAL DATA PROCESSING


    I. Users' personal data is processed by the Controller for the period necessary to achieve the purposes for which it was collected, in accordance with the data storage limitation principle derived from the GDPR.
     The data processing period depends on the purpose and legal basis of processing and is as follows:


      1. in the case of data processed for the purpose of fulfilling a Sales Agreement or providing electronic services – for the period necessary to perform the agreement and settle mutual obligations;
      2. in the case of data processed for the purpose of fulfilling legal obligations incumbent on the Controller, in particular tax and accounting obligations – for the period required by law, generally for 5 years from the end of the tax year in which the tax obligation arose;
      3. in the case of data processed based on the Controller's legitimate interest, including for the purpose of pursuing or defending against claims – until the statute of limitations for claims according to applicable law;
      4. in the case of data processed based on User consent – until consent is withdrawn or the purpose of data processing ceases; in the case of data processed in connection with subscribing to the Newsletter – until resignation from receiving it or withdrawal of consent for marketing communication.



        After the periods indicated above, personal data may be stored only to the extent required by applicable law or for the purpose of securing potential claims.


§5 RECIPIENTS OF PERSONAL DATA

  1. The Controller transfers personal data only when it is necessary for the purpose of data processing and only to the extent necessary to achieve that purpose.
  2. In connection with the operation of the Online Store, personal data may be shared with entities supporting the Controller's activities, in particular:
  3. IT and technical service providers, including entities providing hosting, email services, server maintenance, technical support, and Online Store operation;
  4. electronic payment operators, banks, and other entities handling online payments – to the extent necessary for processing payments for orders;
  5. courier, postal, and logistics companies – for the purpose of order delivery;
  6. accounting, legal, advisory, and debt collection service providers – to the extent necessary to fulfill legal obligations or protect the Controller's rights;
  7. entities providing marketing, analytical, and advertising services, in particular providers of tools enabling analysis of traffic in the Online Store and conducting marketing campaigns.
  1. The Controller may use tools and services provided by third parties, such as Meta Platforms Ireland Ltd. and Google, and therefore data regarding User activity in the Online Store may be processed by these providers in accordance with their own privacy policies.
  2. When the Controller uses social plugins or analytical tools, the providers of these services may receive information regarding User activity in the Online Store, including technical data about the device, browser, IP address, and how the website is used.
  3. Recipients of personal data may also include authorised state authorities, law enforcement agencies, courts, or other entities authorised to obtain data on the basis of applicable legal provisions.
  4. In connection with the Controller's use of technological service providers and analytical and marketing tools, personal data may be transferred outside the European Economic Area (EEA), particularly to the United States of America (USA).
  5. Data transfer outside the EEA takes place only with the application of appropriate safeguards required by GDPR provisions, in particular on the basis of standard contractual clauses approved by the European Commission or other mechanisms ensuring an adequate level of personal data protection.

§6 USER RIGHTS

  1. The User whose personal data is processed by the Controller has rights resulting from GDPR provisions and other personal data protection regulations.
  2. To exercise their rights, the User may contact the Controller via email at: hello@luvme.eu.
  3. The Controller may request additional information necessary to confirm the identity of the person submitting the request or demand concerning personal data.
  4. Every person whose data is processed has the right to:
  5. access their personal data and obtain a copy thereof;
  6. rectify or complete personal data if it is inaccurate or incomplete;
  7. erase personal data ("right to be forgotten") in cases provided for by law;
  8. restrict the processing of personal data;
  9. transfer personal data to another controller if the processing is based on consent or a contract and carried out by automated means;
  10. object to the processing of personal data based on the Controller's legitimate interest, including objection to data processing for direct marketing purposes;
  11. withdraw consent to the processing of personal data at any time if the processing is based on consent; withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal;
  12. lodge a complaint with the President of the Personal Data Protection Office if the User believes that the processing of personal data violates applicable legal provisions.
  1. The right to erasure of personal data may be exercised in particular when:
  1. personal data is no longer necessary for the purposes for which it was collected;
  2. the User withdraws consent to data processing, and the Controller has no other legal basis for processing it;
  3. the User effectively objects to data processing;
  4. personal data has been unlawfully processed;
  5. the obligation to erase data results from legal provisions.
  6. The right to restriction of data processing applies in cases provided for by GDPR provisions, in particular when:
  7. the User contests the accuracy of personal data;
  8. the data processing is unlawful, but the User opposes its erasure;
  9. the Controller no longer needs the personal data, but it is required by the User for the establishment, exercise, or defence of legal claims;
  10. the User has objected to data processing – pending verification of whether the legitimate grounds override those of the User.
  1. The Controller responds to submitted requests without undue delay, no later than within 30 days from the date of receiving the request, subject to the possibility of extending this period in cases provided for by GDPR provisions.

 

§7 ADDITIONAL INFORMATION ON DATA PROCESSING

  1. Users' personal data may be processed in an automated manner, including profiling, to tailor marketing content, advertisements, and the functionalities of the Online Store to the User's interests and preferences.
  2. Profiling may involve, in particular, analyzing the User's activity in the Online Store, purchase history, product preferences, how the website is used, or reactions to marketing content sent.
  3. The Controller uses personal data to better match informative, promotional, and marketing communications regarding products and services offered in the Online Store.
  4. Profiling is carried out using IT tools and does not produce legal effects concerning the User or similarly significantly affect their situation.
  5. Profiling does not limit the User's freedom of decision, particularly regarding purchasing decisions in the Online Store.






PART II - COOKIES POLICY
§8 COOKIES

  1. The Controller uses cookies and other similar internet technologies to ensure the proper functioning of the Online Store, improve the quality of services provided, conduct statistical analyses, and marketing activities.
  2. Cookies are small text information saved on the User's end device while using the Online Store. The information obtained through cookies generally does not allow direct identification of the User.
  3. Cookies are used in particular for:
  4. maintaining the User's session after logging into the Customer Account;
  5. ensuring the proper functioning of the Online Store;
  6. remembering User preferences and settings;
  7. tailoring website content to User preferences;
  8. creating statistics and analyses regarding the use of the Online Store;
  9. improving the functionality, structure, and performance of the website;
  10. conducting marketing and advertising activities, including displaying advertisements tailored to the User's interests;
  11. ensuring the security of using the Online Store and preventing abuse.
  1. The Controller uses the following types of cookies:
  1. session cookies – stored until logging out, leaving the website, or closing the web browser;
  2. persistent cookies – stored for a specified period in the cookie parameters or until deleted by the User.
  1. Depending on the purpose of using cookies, the Controller uses the following types:
  1. essential cookies – enabling the proper functioning of the Online Store;
  2. functional cookies – allowing the remembering of User settings and preferences;
  3. analytical and statistical cookies – enabling analysis of how the website is used;
  4. marketing and advertising cookies – used to present advertising content tailored to the User's interests;
  5. security cookies – used to detect abuse and protect the Online Store;
  6. web push cookies – used to send notifications after obtaining separate User consent.
  1. The Controller may use the services of third parties, such as Google or Meta Platforms, which use cookies and similar technologies for analytical and marketing purposes in accordance with their own privacy policies.
  2. The use of cookies does not cause configuration changes in the device or software used by the User.
  3. Most web browsers allow cookies to be stored on the User's end device by default. The User can change cookie settings or delete them entirely at any time using their web browser settings.
  4. Restricting the use of cookies may affect some functionalities available in the Online Store and make it difficult to use selected services.
  5. The User can manage cookies independently, in particular by:
  1. accepting cookies;
  2. blocking cookies;
  3. deleting saved cookies;
  4. setting individual preferences for selected websites.
  1. Detailed information regarding cookie management is available in the settings of the web browser used or the mobile device's operating system.

§9 OTHER TECHNOLOGIES AND AUTOMATICALLY COLLECTED DATA

  1. The use of the Online Store involves the automatic transmission of requests to the server, which are saved in the Administrator's system logs.
  2. The following data may be collected in the system logs, among others:
  3. User's IP address;
  4. date and time of visit to the Online Store;
  5. information about the User's end device;
  6. information about the operating system and web browser;
  7. data on the User's activity in the Online Store.
  1. Automatically collected data is used in particular for:
  1. ensuring the security of the Online Store;
  2. diagnosing technical problems;
  3. detecting abuses and attempts of unauthorized access;
  4. conducting statistical and administrative analyses;
  5. improving the functionality and efficiency of the Online Store.
  1. Data saved in system logs are generally not associated with specific individuals and are not used for direct identification of the User.
  2. The Administrator uses services and tools of third parties providing analytical, marketing and technical services, which may use cookies and similar internet technologies.
  3. The Administrator uses the following tools in particular:
  1. Google Analytics – an analytical tool provided by Google, used for creating statistics and analyses regarding the use of the Online Store. Detailed information regarding data processing by Google is available at:
    Google Privacy Policy
  2. Shopify – a platform enabling the operation and management of the Online Store, including order fulfillment, payments, and shop functioning management. Detailed information is available at:
    Shopify Privacy Policy



§10 CHANGES TO THE PRIVACY POLICY

  1. This Privacy Policy is continuously reviewed and updated as necessary to adapt it to applicable law, technological changes, or changes related to the functioning of the Online Store.
  2. The User may be informed of any changes to the Privacy Policy by publishing the new content of the Policy on the Online Store's website or by sending information to the User's email address, if the Administrator has such an address.
  3. In cases required by law, the Administrator may ask the User to re-accept the updated version of the Privacy Policy.
  4. Using the Online Store after the changes to the Privacy Policy come into effect means accepting its current version, unless applicable law provides otherwise.


  1. Meta Platforms Ireland Ltd. – provider of marketing and advertising tools related to Facebook and Instagram services, including analytical tools and Meta advertising pixels.
  1. The Online Store may contain plugins, buttons, and other tools that enable redirection to social media services, such as Facebook or Instagram. The use of these functionalities may involve the transfer of data to the providers of these services in accordance with their privacy policies.
  2. The Administrator uses the Meta Pixel tool, which allows for analyzing the effectiveness of advertising campaigns conducted on Facebook and Instagram and tailoring advertising content to User preferences.
  3. Detailed information regarding data processing by Meta Platforms Ireland Ltd. is available at:
    Meta Privacy Policy
  4. In connection with the use of tools provided by third parties, User data may be transferred outside the European Economic Area in accordance with the principles set out in the privacy policies of these entities and with the application of protection mechanisms required by GDPR regulations.






 

Have questions? Write to us
LUVMÉ