Privacy and Cookies Policy

PRIVACY POLICY

§ 1 General provisions

The administrator of personal data of users of the website located under the domain www.meowbaby.pl is MATHILDE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, headquartered in Kołobrzeg, at ul. Witkowice 1, 78-100 Kołobrzeg, registered in the National Court Register maintained by the District Court in Koszalin, 9th Commercial Division of the National Court Register under number KRS: 0001182819, NIP: 6711867819, REGON: 542199358 (hereinafter: "Administrator").

1. Contact with the Administrator is possible:

• to the email address: meow@meowbaby.eu,

• in writing, to the Administrator's address: ul. Witkowice 1, 78-100 Kołobrzeg.

2. The purpose of the Policy is to define the actions taken regarding personal data collected through the Administrator's website and related services and tools used by its users, as well as within the activity of concluding and performing contracts in contact outside the website.

3. If necessary, the provisions of this Policy may change. The change will be communicated to users by announcing the new content of the Policy, and in the case of the database of persons who have consented to data processing via email or provided email data when concluding contracts, they will also be notified of the change by email.

§ 2 Grounds for processing, purposes, and storage of personal data

1. Users' personal data are processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act, the Personal Data Protection Act of 10.05.2018, and the Act on Providing Electronic Services of 18.07.2002.

2. In the case of processing personal data based on an email or complaint sent by the user, such processing takes place under art. 6 sec. 1 lit. b of the General Data Protection Regulation, according to which data processing is necessary to take action at the request of the data subject.

3. If the user gives separate consent, their personal data may also be processed by the administrator for marketing purposes, including sending commercial information electronically to the email address provided by the user (art. 6 sec. 1 lit. a of the General Data Protection Regulation).

4. In the case of concluding and performing a sales contract or service contracts by the Administrator, the other party is obliged to provide data necessary for concluding the contract (which is a contractual requirement, and in the case of tax numbers also a statutory requirement), and for this purpose the Administrator processes personal data (art. 6 sec. 1 lit. b of the General Data Protection Regulation).

5. In the case of conducting research and analyses to improve the operation of available services (e.g., tracking tools), the legal basis for data processing is indicated as art. 6 sec. 1 lit. f of the General Data Protection Regulation.

6. Additionally, the Administrator may collect the following data for the following purposes:

7. Users' personal data is stored no longer than necessary to achieve the processing purpose, i.e., until consent is withdrawn if processing is based on such consent, until the expiration of claims by the Administrator and the other party regarding the execution of concluded contracts (in the case of sales contracts/service contracts 2 years, counting to the end of the year), and until the inquiry sent by e-mail is processed or until the complaint handling is completed.

8. The Administrator may use profiling for direct marketing purposes, but decisions made by the Administrator based on it do not concern the conclusion or refusal to conclude a contract, nor the possibility of using electronic services. The effect of profiling may be, for example, granting a person a discount, sending them a discount code, reminding them of unfinished purchases, sending a product proposal that may match the interests or preferences of that person, or offering better conditions compared to the standard offer. Despite profiling, the person freely decides whether to use the discount or better conditions received in this way and make a purchase. Profiling involves automatic analysis or prediction of a person's behavior on the Administrator's website, e.g., by adding a specific product to the cart, browsing a specific product page, or analyzing the previous activity history on the site. A condition for such profiling is that the Administrator has the personal data of the person to be able to send, for example, a discount code.

9. To the extent necessary for the proper functioning of the website and its functionality, the site may collect other information during the User's use, including but not limited to:

   1. IP address;

   2. information about the device, hardware, and software, such as hardware identifiers, mobile device identifiers (e.g., Apple Identifier for Advertising [„IDFA”] or advertising identifier on an Android device [„AAID”]),

   3. type of platform,

   4. approximate geolocation data (developed based on IP address or device settings);

   5. data concerning the web browser, including the type of browser and preferred language

10. Taking into account the nature, scope, context, and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with varying likelihood and severity of threat, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the regulation and to be able to demonstrate this. These measures are reviewed and updated as necessary. The Administrator applies technical measures to prevent unauthorized persons from acquiring and modifying personal data transmitted electronically.

§ 3 Data Sharing

1. The Administrator ensures that all collected personal data is used to fulfill obligations towards users. This information will not be shared with third parties except in situations where:

   1. explicit consent of the persons concerned has been previously given for such action, or

   2. if the obligation to transfer this data arises or will arise from applicable law, e.g., law enforcement authorities.

2. Additionally, personal data of service recipients and clients may be transferred to the following recipients or categories of recipients:

   1. About the service provider supplying the Administrator with technical, IT, and organizational solutions enabling the Administrator to conduct business activities, including the website and electronic services provided through it (in particular, software providers, marketing agencies, email and hosting providers, software providers for company management and technical support for the Administrator and the product delivery operator) - the Administrator shares the collected personal data of the Client with the selected provider acting on its behalf only in the case and to the extent necessary to fulfill the specific purpose of data processing in accordance with this privacy policy.

   2. About the provider of accounting, legal, and advisory services supporting the Administrator with accounting, legal, or advisory assistance (in particular, an accounting office, law firm, or debt collection company) - the Administrator shares the collected personal data of the Client with the selected provider acting on its behalf only in the case and to the extent necessary to fulfill the specific purpose of data processing in accordance with this privacy policy.

3. The Administrator may share anonymized data (i.e., data that does not identify specific Users) with external service providers to better understand the attractiveness of advertisements and services for users, and in this regard, due to the location of software providers, data may be transferred – while maintaining protection principles – to third countries that ensure the standard contractual clauses approved by the European Commission regarding personal data processing or have appropriate authorization to act based on bilateral data processing agreements between the European Union and the given third country, which is not a member of the European Economic Area. These entities, in the case of the Administrator, are:

1. 1. Google LLC. (headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyze website statistics, Google Tag Manager: used to manage scripts by easily adding code snippets to the website or application and tracking user actions on the website, Google Ads used to display sponsored links in Google search results and on partner sites within the Google AdSense program,

   2. Meta Platforms, Inc. (headquarters: 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook pixel used to track conversions from Facebook portal ads, optimize them based on collected data and statistics, and build an audience list targeted for future ads.

2. The Administrator's website may use the functionality of Google Analytics, a web traffic analysis service provided by Google, LLC. ("Google"). Google Analytics uses cookies to help website operators analyze how visitors use the site. Information generated by the cookie about visitors' use of the site is generally transmitted to Google and stored on servers in the United States. According to current IT standards, the IP addresses of users visiting the Administrator's site are shortened. Only in exceptional cases is the full IP address sent to Google's server in the United States and shortened there. On behalf of the Administrator, Google will use this information to evaluate the website for its users, prepare reports on website traffic, and provide other services related to website traffic and Internet usage for website operators. Google will not associate the IP address provided within Google Analytics with any other data held by it. More information about how Google Analytics collects and uses data can be found on Google's official website at: www.google.com/policies/privacy/partners. Additionally, each User can prevent Google from collecting and processing data about their use of the website by downloading and installing a browser plugin at the following link: http://tools.google.com/dlpage/gaoptout.

3. When sharing data with third parties, the Administrator makes every effort to ensure that this is done only with entities holding certificates under the (former) EU–US and Switzerland–US Privacy Shield programs, which are available at www.privacyshield.gov. Such entities, when using information originating from the European Economic Area (EEA), will do so in accordance with the principle of "accountability for onward transfer" of the Privacy Shield program. Where applicable, the Administrator will rely on the EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union of 16 July 2020 regarding the EU–US Privacy Shield and the guidelines of the European Data Protection Board, the Administrator continues to assess the legal system of the countries to which data is transferred and, as necessary, updates measures to ensure adequate levels of protection.

4. The Administrator may, after obtaining the user's prior consent expressed by selecting the appropriate icon during the order process, transfer the user's data (in particular email address and order information) to an external portal for the purpose of obtaining the user's opinion about that order. The above data will be transferred only after obtaining the user's consent and may be published by the Administrator, including on the portal.

§ 4 User Rights

The user whose personal data is processed has the right to:

1. 1. access, rectification, restriction, erasure or transfer - the data subject has the right to request from the Administrator access to their personal data, their rectification, erasure ("right to be forgotten") or restriction of processing, and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the above rights are specified in Articles 15-21 of the GDPR Regulation.

   2. withdrawal of consent at any time – the person whose data is processed by the Administrator based on given consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing carried out based on consent before its withdrawal.

   3. filing a complaint with the supervisory authority – the person whose data is processed by the Administrator has the right to file a complaint with the supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office in Warsaw.

   4. objection - the person whose data is concerned has the right to object at any time – for reasons related to their particular situation – to the processing of their personal data based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the Administrator may no longer process this personal data unless they demonstrate the existence of compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or grounds for the establishment, exercise, or defense of legal claims.

   5. objection regarding direct marketing - if personal data is processed for the purposes of direct marketing (based on the legitimate interest of the Administrator, not on the basis of the data subject's consent), the person whose data is concerned has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.

§ 5 Cookies

1. Cookies should be understood as IT data, in particular text files, stored on end-user devices (usually on a computer's hard drive or a mobile device) used by the user's browser to save specific settings and data for using websites. These files allow the recognition of the user's device and appropriately display the website, ensuring comfort during its use. Storing cookies thus enables the proper preparation of the website and offer according to the user's preferences - the server recognizes and remembers, among others, preferences such as visits, clicks, previous actions.

2. "Cookies" contain in particular the domain name of the internet service from which they originate, the time they are stored on the end device, and a unique number used to identify the browser from which the connection to the website is made.

3. Cookies are used for the purpose of:

   1. adapting website content to user preferences and optimizing website usage,

   2. creating anonymous statistics which, by helping to determine how the user uses websites, enable improving their structure and content,

   3. delivering website users advertising content tailored to their interests.

4. Cookies do not serve to identify the user and do not establish their identity.

5. The fundamental division of cookies is their distinction into:

   1. Essential cookies - are absolutely necessary for the proper functioning of the website or the functionalities the user wants to use, as without them we could not provide many of the services we offer. Some of them also ensure the security of services provided by us electronically.

   2. Functional cookies - are important for the operation of the website because:

• • • They enrich website functionality; without them, the website will work correctly, but will not be tailored to the user's preferences,

    • They ensure a high level of website functionality; without them, the functionality level of the website may decrease, but their absence should not prevent full use of it,

    • They serve most website functionalities; blocking them will cause selected functions to not work properly.

1. 3. Business-related cookies - they enable the implementation of the business model on which the website is based; blocking them will not cause the entire functionality to be unavailable, but may reduce the level of service due to the inability of the website owner to generate revenue subsidizing its operation. This category includes, for example, advertising cookies.

   4. Cookies used for website configuration - they enable the settings of functions and services on websites.

   5. Cookies used for the security and reliability of websites - they enable authentication verification and optimization of website performance.

   6. "Cookies" used for authentication enable informing when a user is logged in, allowing the website to show appropriate information and functions.

   7. "Cookies" examining session state allow saving information about how users use the website. They may concern the most frequently visited pages or possible error messages displayed on some pages. Cookies used to save the so-called "session state" help improve services and increase browsing comfort.

   8. "Cookies" examining processes occurring on the site enable the smooth operation of the website and its available functions.

   9. "Cookies" supporting advertisements allow displaying ads that are more interesting to users and simultaneously more valuable to publishers and advertisers; cookies may also be used to personalize advertising and to display ads outside of websites.

   10. "Cookies" accessing location enable the customization of displayed information according to the user's location.

   11. "Cookies" used for analysis, research, or audience auditing enable the website owner to better understand their users' preferences and improve and develop products and services through analysis. Usually, the website owner or research company collects information anonymously and processes data about trends without identifying personal data of individual users.

6. The use of "cookies" to tailor website content to user preferences does not generally mean collecting any information that allows user identification, although this information may sometimes be personal data, i.e., data enabling the assignment of certain behaviors to a specific user. Personal data collected using "cookies" may only be gathered for performing specific functions on behalf of the user. Such data is encrypted in a way that prevents unauthorized access.

7. Cookies used by this website are not harmful to either the user or the end device they use, therefore, to ensure the proper functioning of the service, it is recommended not to disable their handling in browsers. In many cases, software used to browse websites (web browser) by default allows storing information in the form of "cookies" and other similar technologies on the user's end device. The user can change the way cookies are used by the browser at any time. To do this, you need to change the browser settings. The method of changing settings varies depending on the software (web browser) used. Appropriate instructions can be found on subpages depending on the browser you use.

8. Cookies are also used to facilitate logging into the user account, including via social media, and to enable navigation between subpages on websites without the need to log in again on each subpage. At the same time, cookies are used to secure websites, e.g., preventing unauthorized access.

9. As part of cookie technology, the administrator may use tracking pixels or clear GIF files to collect information about how the user uses its services and their response to marketing messages sent by email. A pixel is a software code that allows embedding an object, usually a one-pixel image, on a page, enabling tracking of user behavior on websites where it is placed. Upon giving appropriate consent, the browser automatically establishes a direct connection with the server hosting the pixel, so data processing collected by the pixel is carried out under the data protection policy of the partner managing the said server.

10. The administrator may use internet log files (which contain technical data such as the user's IP address) to monitor traffic within its services, troubleshoot technical issues, detect and prevent fraud, and enforce the User Agreement.

11. The administrator informs that the site does not respond to DNT (Do Not Track) signals, however, the user can disable certain forms of online tracking, including some analytical data and personalized ads, by changing cookie settings in their browser or using our cookie consent tools (if applicable).

12. Detailed information on changing cookie settings and deleting them independently in the most popular web browsers is available in the web browser's help section and on the following pages (just click on the link):

• • in the Chrome browser

  • in the Firefox browser

  • in the Opera browser

  • in the Safari browser

  • in the Microsoft Edge browser

13. Detailed information on managing cookies on a mobile phone or other mobile device should be found in the user manual of the respective mobile device.