Privacy Policy
Cosmonity®
www.cosmonity.com
1. General provisions
- The located under the domain www.cosmonity.com website’s users’ personal data administrator is Michał Ostaszewski operating under the business name AURORA MICHAŁ OSTASZEWSKI, registered in the Central Register and Information on Economic Activity of the Republic of Poland, maintained by the minister responsible for economy, with its registered office at 39/41 Listonoszy Street, 04-431 Warsaw, Poland, NIP (tax number): 9522030163, REGON (National Official Register of National Economy Units): 385221270, (hereinafter referred to as the "Administrator").
- Contact with the Administrator is possible:
- at his e-mail address: contact@cosmonity.com
- in writing to the Administrator's address: 39/41 Listonoszy Street, 04-431 Warsaw.
- The purpose of this Privacy Policy (hereinafter referred to as the “Policy”) is to define the actions taken with regard to personal data collected through the Administrator's website and the related services and tools used by its users, as well as within the activity of concluding and performing contracts in contact outside the website.
- If necessary, the provisions of this Policy may be amended. The change will be communicated to the users by announcing the new contents of the Policy, and relation to the persons who have consented to data processing by e-mail or have provided e-mail data in the performance of contracts, they will also be notified of the change by e-mail.
2. Processing basis, purposes and storage of personal data
- Users' personal data shall be processed in accordance with the General Data Protection Regulation (hereinafter referred to as “GDPR”), Personal Data Protection Act of 10.05.2018 (Poland) (hereinafter referred to as “RODO”) and the Act on Provision of Electronic Services of 18.07.2002 (Poland).
- In relation to the processing of personal data on the basis of an e-mail or complaint sent by the user, such processing shall take place pursuant to Article 6(1)(b) of the GDPR, according to which the processing is necessary in order to take action at the request of the data subject.
- In the case of obtaining a separate consent from the user, his personal data can be processed by the Administrator also for marketing purposes, including sending commercial information electronically to the user’s e-mail address (Article 6(1)(a) of the GDPR).
- In the case of conclusion and performance of sales contract or contracts for the provision of services by the Administrator, the other party is required to provide the data necessary for the conclusion of the contract (which is a contractual requirement, and in terms of tax numbers also a statutory requirement), and for this purpose the Administrator processes personal data (Article 6(1)(b) of the GDPR).
- In relation to research and analysis in order to improve the performance of available services (e.g. tracking tools), Article 6(1)(f) of the GDPR is indicated as the basis for data processing.
- Users' personal data are stored no longer than necessary to achieve the purpose of processing, i.e. until the withdrawal of consent if the processing is based on such consent, until the statute of limitations of claims of the Administrator and the other party for the implementation of concluded agreements (in the case of sales contracts / service contracts, 2 years, counting from the end of the year) and until the implementation of the inquiry by e-mail or until the completion of complaint handling.
- To the extent necessary for the proper functioning of the website, its functionality and the proper performance of payment operations (if such is carried out by the website), the website uses the User's metadata. Metadata should be understood as a process of reading and recognizing the configuration and subassemblies of the computer used by the User by the website's IT system, in order to adjust the website to its capabilities and to establish a secure connection between the User's computer and the website. It is important to note that this metadata cannot identify you personally and is not harmful to any data stored on your computer. Nevertheless, the User is entitled to withdraw his/her consent to the processing of metadata at any time by configuring his or her browser accordingly or by downloading the relevant plug-in provided by the browser's manufacturer. For this purpose, you should consult the manufacturer of the software and its recommendations.
- The Administrator may use profiling for direct marketing purposes, but decisions taken on its basis by the Administrator do not concern conclusion or refusal of a contract or the possibility of using electronic services. The use of profiling may result, for example, in a person being granted a discount, being sent a discount code, being reminded of unfinished purchases, being offered a product that may match the person's interests or preferences, or being offered better terms than the standard offer. Despite the profiling, it is the individual who freely decides whether to take advantage of that exemplary discount received in this way or better conditions and make a purchase.
- To the extent necessary for the proper functioning of the website, its functionality, the website may, during the use of the website by the User, collect other information, including but not limited to:
-
- IP address,
- device type, hardware and software information, such as hardware identifiers, mobile device identifiers (e.g. Apple Identifier for Advertising ["IDFA"] or advertising identifier on an Android device ["AAID"]),
- platform type,
- settings and components,
- installed software,
- presence of necessary plug-ins,
- approximate geolocation data (compiled from IP address or device settings),
- browser data, including browser type and preferred language.
- Taking into account the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Administrator shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with the GDPR and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Administrator shall apply technical measures to prevent the acquisition and modification of personal data transmitted electronically by unauthorized persons.
3. Data sharing
- The Administrator shall ensure that all personal information collected is used to fulfill obligations to users. This information will not be shared with third parties except where:
- the explicit consent of the data’s subjects to do so is given in advance, or
- if the obligation to provide such data arises or will arise under applicable law (e.g. law enforcement agencies).
- Additionally, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients:
- service providers supplying the Administrator with technical, IT and organisational solutions enabling the Administrator to conduct its business, including the website and the electronic services provided through it (in particular, computer software providers, marketing agencies, email and hosting providers (entity: Shopify Inc.), business management and technical support software providers to the Administrator and the product delivery operator) - the Administrator shall make the collected personal data of the Customer available to the selected provider acting on its behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with this privacy policy.
- accounting, legal and advisory service providers who provide the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection agency) - the Administrator shares the collected personal data of the Client with a selected provider acting on his behalf only if and to the extent necessary to realize the given purpose of data processing in accordance with this Policy.
- The Administrator may share anonymized data (i.e. data that does not identify specific Users) with external service providers in order to better identify the attractiveness of advertisements and services to Users, and in this regard, due to the location of the software providers, data may be transferred - subject to the principles of their protection - to third countries which, however, provide standard contractual provisions approved by the European Commission for the processing of personal data or which are duly authorized to do so on the basis of bilateral agreements on the entrustment of data processing between the European Union and the third country in question, while not being a member of the European Economic Area. These entities in the case of the Administrator are:
- Google LLC. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyse the statistics of websites, Google Tag manager: used to manage the scripts by easily adding code fragments to the website or application and to track the actions performed by the users on the website, Google Ads used to display sponsored links in the search results of the Google search engine and on the websites cooperating within the Google AdSense programme,
- Facebook Inc. (registered office address: Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA) for the Facebook Pixel for tracking conversions from Facebook ads, optimizing them on the basis of collected data and statistics and building a targeted audience list for future ads.
- Third party analytics technologies integrated into the Administrator's services (including SDKs [Software Development Kit] and APIs [Application Program Interfaces]) may combine data collected in connection with your use of the Administrator's website with information they have collected separately over time and/or across platforms. Many of these companies collect and use information under their own data protection policies, which can be found on their websites. The Administrator encourages you to review these policies.
- The Administrator's website may use the functionality of Google Analytics, a web analytics service provided by Google, LLC. ("Google"). Google Analytics uses cookies to help website operators analyze how visitors use the website. The information generated by the cookies about your use of the website is generally transmitted to and stored by Google on servers in the United States. According to current IT standards, the IP addresses of users visiting the Administrator's website are shortened. Only in exceptional cases the complete IP address is sent to a Google server in the USA and shortened there. On behalf of the Administrator, Google will use this information for the purpose of evaluating the website for its users, compiling reports on website activity and providing other services relating to website activity and internet usage to website operators. Google will not associate the IP address transmitted as part of Google Analytics with any other data held by Google. For more information on how Google Analytics collects and uses data, please visit Google's official website at www.google.com/policies/privacy/partners. In addition, each User can prevent the collection and processing of data about his/her use of the website by Google by downloading and installing a browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout.
- The Administrator, when making the data available to third parties, makes every effort to ensure that this is done only to entities certified under the (former) EU-U.S. and Switzerland-U.S. Privacy Shield programmes, which are available at www.privacyshield.gov. Such entities, when using information originating from the European Economic Area (EEA), will do so in accordance with the principle of "Accountability for Onward Transfer". (Privacy Shield Accountability for Onward Transfer. Where appropriate, the Administrator will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the July 16, 2020 decision of the Court of Justice of the European Union with respect to the EU-US Privacy Shield and the European Data Protection Board Guidelines, the Controller continues to assess the legal regime of the countries to which data is transferred and, where necessary, update measures to ensure adequate levels of protection.
4. User’s rights
- The User whose personal data is being processed has the right to:
- access, rectification, restriction, erasure or portability - the data subject has the right to request from the Controller access to his/her personal data, rectification, erasure ("right to be forgotten") or restriction of processing, and has the right to object to processing, and has the right to portability of his/her data. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the RODO.
- withdrawal of consent at any time - a person whose data are processed by the Administrator on the basis of an expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the RODO) has the right to withdraw the consent at any time without affecting the legality of the processing performed on the basis of the consent before its withdrawal.
- lodge a complaint to the supervisory authority - in the manner and according to the procedure provided for in the provisions of the DPA Regulation and Polish law, in particular the RODO. The supervisory authority in Poland is the President of the Personal Data Protection Office.
- objection - The data subject shall have the right to object at any time - on grounds relating to his or her particular situation - to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. The controller shall in that case no longer be permitted to process such personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
- objection to direct marketing - if personal data are processed for the purposes of direct marketing (based on the Controller's legitimate interests, not on the basis of the data subject's consent), the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
- The exercise of the above rights is subject to a request by the user sent to the e-mail address contact@cosmonity.com. Such request shall include the user's first and last name.
- The user shall ensure that the data provided or published by him on the website is correct.
- Cookies are computer data, in particular text files, stored on the end user's device (usually on your computer's hard drive or in your mobile device) to store certain settings and data by the user's browser in order to use websites. These files allow for recognition of the user's device and appropriate display of the website, ensuring comfort during its use. The storage of cookies allows the website and the offer to be tailored to the user's preferences - the server recognizes the user and remembers preferences such as visits, clicks and previous actions.
- Cookies contain, in particular, the domain name of the website from which they originate, the time of storage on your terminal device and a unique number to identify the browser from which you connect to the website.
- Cookies are used in order to:
-
- adjust the content of websites to user preferences and optimize the use of websites,
- creating anonymous statistics, which by helping to determine how a user uses websites allow for improving their structure and content,
- providing website users with advertising content tailored to their interests.
- Cookies are not used to identify a user and on their basis is not determined his identity.
-
- Cookies might be divided into:
- Essential cookies - these are absolutely essential for the proper functioning of the website or functionality you wish to use, as without them we would not be able to provide many of the services we offer. Some of them also ensure the security of services provided by us electronically.
- Functional cookies - are important for the operation of the website due to the fact that:
- their purpose is to enrich the functionality of websites; without them the website will work correctly, but will not be adapted to user preferences,
- their purpose is to ensure a high level of functionality of the website; without them the level of functionality of the website may decrease, but their absence should not prevent the complete use of the website,
- they serve the majority of website functionality; their blocking will cause that selected functions will not work properly.
- Business cookies - make it possible to implement the business model on the basis of which the website is made available; their blocking will not make the entire functionality of the website unavailable, but it may lower the level of service provision due to the website owner's inability to realise revenues subsidising its operation. This category includes, for example, advertising cookies.
- Cookies for website configuration - to enable setting functions and services on websites.
- Security and reliability cookies - to verify authenticity and optimise website performance..
- Authentication cookies - to provide information when a user is logged in so that the website can show relevant information and functions.
- Session status cookies - these cookies enable us to record information about how users use a website. They may relate to the most frequently visited pages or possible error messages displayed on some pages. Session state cookies help to improve our services and make browsing more comfortable.
- Cookies which analyse the processes taking place on the website - they enable efficient functioning of the website and the functions available on it.
- Ad serving cookies - to display advertisements that are of greater interest to users and at the same time of greater value to publishers and advertisers; cookies may also be used to personalise advertising and to display advertisements outside of web pages.
- Location-aware cookies – they allow you to tailor the information displayed to your location.
- Cookies for analysis, research or audience auditing – they allow the owner of websites to better understand the preferences of their users and through analysis improve and develop products and services. Usually the website owner or research company collects information anonymously and processes data on trends, without identifying personal data of individual users.
- As a rule, the use of cookies to adapt the content of websites to user preferences does not mean that any information identifying the user is collected, although such information may sometimes have the nature of personal data, i.e. data enabling the attribution of certain behaviors to a specific user. Personal data collected using "cookies" may only be collected in order to perform specific functions for the user. Such data is encrypted in a manner that prevents access by unauthorized persons.
- Cookies used by this website are not harmful to the user or the final device used by the user, so in order for the website to function properly it is recommended not to disable their use in browsers. In many cases, the software used to browse the Internet (web browser) by default allows to store information in the form of "cookies" and other similar technologies in the end user's device. The user can change the way the browser uses cookies at any time. In order to do so, the browser settings must be changed. The method of changing the settings varies depending on the software (web browser) used. Relevant instructions can be found on the subpages, depending on the browser you use.
- Cookies are also used to facilitate logging into your account, including via social media, and to enable you to move between subpages on websites without having to log in again on each subpage. At the same time, cookies are used to secure websites, e.g. to prevent access by unauthorized persons.
- As part of the cookie technology, the Administrator may use tracking pixels or pure GIF files in order to collect information about the user's use of its services and his/her reaction to marketing messages sent via e-mail. A pixel is a piece of software code that allows an object, usually a pixel-sized image, to be embedded on a page, which provides the ability to track user behavior on the web pages on which it is deployed. When the appropriate consent is given, the browser automatically establishes a direct connection to the server that stores the pixel, so the processing of data collected by the pixel is carried out under the data protection policy of the partner who administers the aforementioned server.
- The Administrator may use web log files (which contain technical data such as the user's IP address) to monitor traffic on its services, troubleshoot technical problems, detect and prevent fraud, and enforce the User Agreement.
- The Administrator herein announces that the website does not respond to Do Not Track (DNT) signals, but you may disable certain forms of online tracking, including certain analytics and personalized advertising, by changing the cookie settings in your browser or using our cookie consent tools (if applicable).
- Detailed information on how to change your cookie settings and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (click on the relevant link):
- Detailed information about managing cookies on your cell phone or other mobile device should be found in the user manual for the mobile device you’re using.