Privacy Policy & Data Protection | Italpouf Ireland

Privacy policy

This Privacy Policy sets out the rules for saving and accessing data on Users' devices when using the Website, for the purposes of providing electronic services by the Administrator, and the rules for collecting and processing Users' personal data provided voluntarily through the tools available on the Website. It applies to italpouf.ie and is governed by the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Irish Data Protection Act 2018.

This Privacy Policy is an integral part of the Website Terms, which define the rules, rights and obligations of Users using the Website.

§1 DEFINITIONS

• Website – the "ITALPOUF" website operating at https://italpouf.ie
• External website – websites of partners, service providers or service recipients cooperating with the Administrator
• Website / Data Administrator (Controller) – the Administrator and Data Controller is PERSONEO SP. Z O.O., with its registered office at ul. Armii Krajowej 7/17, 33-300 Nowy Sącz, Poland, EU VAT number PL7343529933, providing electronic services via the Website and trading under the Italpouf brand
• User – a natural person to whom the Administrator provides services electronically via the Website
• Device – an electronic device with software through which the User accesses the Website
• Cookies – text data stored as files placed on the User's device
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
• Personal data – information about an identified or identifiable natural person ("data subject")
• Processing – any operation performed on personal data, such as collecting, recording, storing, adapting, retrieving, using, disclosing, erasing or destroying
• Restriction of processing – marking stored personal data in order to limit their future processing
• Profiling – any form of automated processing of personal data used to evaluate certain personal aspects of a natural person
• Consent – a freely given, specific, informed and unambiguous indication of the data subject's wishes by which they agree to the processing of their personal data
• Personal data breach – a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data
• Pseudonymisation – processing personal data so that they can no longer be attributed to a specific data subject without additional information kept separately
• Anonymisation – an irreversible process that makes it impossible to identify or link a record to a specific user

§2 DATA PROTECTION OFFICER

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer, as it is not required to do so.

In matters relating to the processing of personal data, please contact the Administrator directly using the details in §14.

§3 TYPES OF COOKIES

• Internal cookies – files placed and read from the User's device by the Website's IT system
• External cookies – files placed and read from the User's device by the IT systems of external websites
• Session cookies – files placed and read during a single session; deleted when the session ends
• Persistent cookies – files that remain until manually deleted or until they expire

§4 SECURITY OF DATA STORAGE

• Mechanisms for storing and reading cookies are implemented through built-in browser mechanisms and do not allow downloading other data from the User's device or from other websites visited by the User.
• Internal cookies used by the Administrator are safe for Users' devices and do not contain scripts or content that may threaten the security of personal data.
• External cookies – the Administrator selects reputable partners but does not have full control over the content of cookies set by external partners. A list of partners is provided later in this Policy.
• Cookie control – the User can at any time change the settings for saving, deleting and accessing cookies in their browser. Information on how to disable cookies is available in the help pages of the most popular browsers (Chrome, Firefox, Edge, Safari, Opera).
• The User may at any time delete all cookies saved so far using the tools of their device.
• Storage of personal data – the Administrator makes every effort to keep processed personal data secure, with restricted access, using appropriate physical and organisational safeguards.
• Password storage – passwords are stored in encrypted form using current standards.

§5 PURPOSES FOR WHICH COOKIES ARE USED

• Streamlining and facilitating access to the Website
• Personalisation of the Website for Users
• Enabling login to the site
• Marketing and remarketing (only with consent)
• Advertising services (only with consent)
• Keeping statistics (only with consent)
• Serving multimedia content

§6 PURPOSES OF PERSONAL DATA PROCESSING

Personal data voluntarily provided by Users is processed for one or more of the following purposes:

• Provision of electronic services and processing of orders
• Registration and maintenance of the User's account on the Website
• Newsletter services (sending marketing content, with consent)
• Communication with Users regarding the Website, orders and data protection
• Compliance with the Administrator's legal obligations (e.g. accounting and tax)
• Pursuit of the Administrator's legitimate interests

Data collected anonymously and automatically is processed to keep statistics and, with consent, for remarketing and tailored advertising.

§7 COOKIES OF EXTERNAL SERVICES

The Website uses scripts and components of partners which may place their own cookies on the User's device (loaded only where you have given consent). These may include:

• Statistics: Google Analytics
• Advertising / remarketing: Google Ads
• Social and content tools: Meta (Facebook / Instagram)
• Multimedia: YouTube

Services provided by third parties are beyond the control of the Administrator; these entities may change their own terms and privacy policies at any time.

§8 TYPES OF COLLECTED DATA

Some data is collected automatically and anonymously, and some is personal data provided voluntarily.

Anonymous data collected automatically:

• IP address, browser type, screen resolution, approximate location
• Pages visited and time spent, operating system, referrer address
• Browser language, internet service provider

Data collected during registration / ordering:

• First name / surname
• E-mail address
• Phone number
• Delivery and billing address
• IP address (collected automatically)
• Where relevant for business customers: VAT number

Data collected when subscribing to the Newsletter:

• First name (optional)
• E-mail address
• IP address (collected automatically)

§9 ACCESS TO PERSONAL DATA BY THIRD PARTIES

As a rule, the recipient of personal data provided by Users is the Administrator. Data is not sold to third parties. Access to data (under a data-processing agreement) may be granted to entities providing the infrastructure and services necessary to run the Website, namely:

• Hosting / server providers
• Providers of the newsletter service
• Couriers delivering orders (DHL, GLS)
• The payment service provider processing online payments

Hosting. The Website is hosted on dedicated server infrastructure located within the European Union. Access to data may occur during maintenance carried out by the hosting provider's personnel, governed by an agreement with the Administrator.

Online payments. In the case of online payments, payment data is transferred directly by the User to the payment service provider that processes the transaction. Only the data necessary to complete the transaction is passed to the Administrator. For italpouf.ie the payment service provider is Stripe Payments Europe Ltd (Dublin, Ireland).

§10 METHOD OF PROCESSING PERSONAL DATA

Personal data provided voluntarily by Users:

• will not be transferred outside the European Economic Area unless an appropriate safeguard or adequacy decision applies (see the international-transfers note below);
• will not be used for automated decision-making (profiling) with legal effect;
• will not be sold to third parties.

§11 LEGAL BASIS FOR PROCESSING PERSONAL DATA

The Website collects and processes Users' data on the basis of:

• Regulation (EU) 2016/679 (GDPR)
• Article 6(1)(a) GDPR – the data subject has given consent for one or more specific purposes
• Article 6(1)(b) GDPR – processing is necessary for the performance of a contract or to take steps prior to entering into a contract
• Article 6(1)(c) GDPR – processing is necessary to comply with a legal obligation (e.g. accounting and tax)
• Article 6(1)(f) GDPR – processing is necessary for the legitimate interests of the Administrator or a third party
• the Irish Data Protection Act 2018, which gives further effect to the GDPR

§12 PERSONAL DATA RETENTION PERIOD

Personal data provided voluntarily by Users is stored only for the period the service is provided. It is deleted or anonymised within 30 days of the end of the service (e.g. deletion of a registered account, unsubscribing from the Newsletter), unless a legitimate purpose requires further retention. In the event of a dispute or suspected breach of the Terms, data may be retained for no longer than 3 years. Data required to meet legal obligations (e.g. invoicing and tax records) is retained for the period required by law.

Anonymous statistical data, which is not personal data, may be stored indefinitely for statistical purposes.

§13 RIGHTS OF USERS RELATED TO THE PROCESSING OF PERSONAL DATA

Users have the following rights under the GDPR:

• Right of access to their personal data (Article 15)
• Right to rectification of incorrect or incomplete data (Article 16)
• Right to erasure ("right to be forgotten") (Article 17). For the Newsletter, you can remove your data using the link in each email.
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object to processing (Article 21)
• Right to withdraw consent at any time, without affecting prior lawful processing
• Right to lodge a complaint with the supervisory authority. In Ireland this is the Data Protection Commission (DPC), 6 Pembroke Row, Dublin 2, D02 X963, Ireland; email [email protected]; tel. +353 (0)1 765 0100 / 1800 437 737; website dataprotection.ie.

To exercise any of these rights, please contact the Administrator using the details in §14.

§14 CONTACTING THE ADMINISTRATOR

The Administrator can be contacted in the following ways:

Postal address – Personeo Sp. z o.o., ul. Armii Krajowej 7/17, 33-300 Nowy Sącz, Poland

E-mail address – [email protected]

Contact form – available at: https://italpouf.ie/contact

§15 SERVICE REQUIREMENTS

• Restricting the storage of and access to cookies on the User's device may result in some Website functions not working correctly.
• The Administrator is not responsible for incorrectly functioning Website features where the User restricts the saving and reading of cookies.

§16 EXTERNAL LINKS

Articles, posts or comments may contain links to external websites with which the Website Owner does not cooperate. The Administrator is not responsible for content outside the Website.

§17 CHANGES TO THE PRIVACY POLICY

• The Administrator reserves the right to change this Privacy Policy. Material changes affecting the processing of personal data will be communicated to Users who have accounts or newsletter subscriptions by email.
• Changes are published on this page and take effect upon publication.