Privacy Policy

TATUUM INTERNET STORE PRIVACY POLICY AND COOKIES

I. Legal basis

The administrator declares that processing of the Users’ personal data takes place in accordance with personal data protection regulations - the Resolution by the European Parliament and Council (EU) 2016/679 dated 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general data protection regulation “RODO”).

II. General terms

1. This Privacy Policy informs of the methods of protecting the personal data of users of the service found under the electronic address: www.tatuum.com

2. The Administrator of the Service Users is the company KAN Sp. z o.o., with a registered office in Łódź (92-760), at the address ul. Wiączyńskiej 8A, for which the District Court for Łódź-Śródmieście, XX Commercial Division of the National Court Register keeps registration files under the KRS no. 0000119998, Tax ID 7251019880.

3. The Service performs functions related to collecting information on its users and their behaviours in the following manner:

a. Through information voluntarily entered in forms.

b. Through the storage of cookie files (so called “cookies”) on end user devices.

3. The contents of the Service’s websites constitutes the property of the Administrator and is legally protected.

4. In order to use the Service, the User must have access to a computer or device with installed software which enables browsing Internet pages and access to the Internet. Access to the Service may take place using available Internet browsers.

5. The Administrator declares that the Service’s websites are free of any content which infringes on the rights of third parties or any applicable legal regulations, in particular content which includes information which may cause or constitute a risk to the privacy or safety of any individuals, contains information promoting illegal actions or behaviors, which is offensive, constitutes a threat, is indecent, defamatory or slanderous, incites racism, ethnic, cultural or religious prejudice, promotes or facilitates criminal activity, violates the rights of third parties, including intellectual property rights, or constitutes any other violation of legally protected rights.

III. Information in forms.

1. The Service collects information provided voluntarily by the user.

2. The Service may additionally store information of the connection parameters (timestamp, IP address).

3. Data in forms is made available to:

• employees or partners authorized by the Administrator;

• entities cooperating in the area of providing the Newsletter, sms service,

• delivery service providers;

• on-line payment service providers;

• authorized bodies on the basis of legally valid requests, in the scope arising from such requests.

• The IP address is provided in an anonymised (encrypted) form to Google LLC for the purpose of generation of statistical data;

• Personal data will also be provided to social media suppliers (Facebook, Instagram). Data recipients may have their seats in countries outside of the European Economic Area (EEA), however, in such a case the Administrator will ensure a suitable level of security in order to ensure protection of the identifiable person, and the transfer of personal data to third countries will take place on the basis of standard contract clauses.

• SalesManago - https://pomoc.salesmanago.pl/monitorowanie-kontaktow-zasada-dzialania-i-zakres-zbieranych-informacji;

4. Data provided in forms may constitute part of the process of servicing potential customers, included by the Administrator in the register of personal data processing activities.

5. Data provided in the forms are processed for the purposes of:

• providing the service of opening an maintaining an account, enabling an order to be placed and executed and enabling a distance contract of sale to be entered into, via Tatuum store (Article 6(1)(b) of the GDPR), for the entire period of order execution, and – if an account is maintained – until it is removed, and thereafter for the purposes connected with establishment, exercise or defence of mutual legal claims. Provision of data for this purpose is voluntary, but necessary for achievement of the above-mentioned purposes;

• exercising your right to have a complaint handled on the basis of Article 6(1)(b) and Article 6(1)(c) of the GDPR – Civil Code of 23 April 1964 (“Dziennik Ustaw” [Journal of Laws] of 2019, item 1145, consolidated text). Your personal data will be processed for a period required for a complaint to be handled, for a period of 1 year – after expiration of commercial warranty or after settlement of complaint, in accordance with Section 74(2)(6) of the Accounting Act of 29 September 1994 (“Dziennik Ustaw” [Journal of Laws] of 2019, item 351, consolidated text), and thereafter for the purposes, for the period and within the scope required by the provisions of law or for securing any legal claims until they become time-barred. Provision of data for this purpose is voluntary, but necessary for achievement of the above-mentioned purposes;

• ensuring compliance with obligations to which the Controller is subject, arising primarily from the provisions of tax and accounting law (Article 6(1)(c) of the GDPR), for a period specified in those provisions of law;

• enabling participation in and management of Tatuum Generations Programme, including granting of discounts and other benefits to programme participants – on the basis of a statement of intent to join the programme which, when completed and submitted to the Controller, is deemed to constitute consent to data processing for purposes connected with participation in the programme (Article 6(1)(a) of the GDPR). We process your data for the entire period of participation in the Programme in accordance with the provisions of law applicable in this respect and with the Terms of Service available on the website. Provision of data for this purpose is voluntary, but necessary to participate in Tatuum Generations Programme;

• sending to you information about products and offers of Kan Sp. z o.o., as part of direct marketing – for the purpose of pursuing legitimate interests of the Controller in the form of direct marketing of its own products and services, i.e. Article 6(1)(f) of the GDPR; however, in accordance with the provisions of the Act on Provision of Services by Electronic Means and of the Telecommunications Law Act, we need additional consent to using provided communication channels (e-mail address, telephone number) for marketing activities. In this case, your data will be processed until you object to processing of such data or until you withdraw your consents to receiving information about products and offers by electronic means;

• sending out information about products and offers of the Controller by e-mail in the form of a newsletter – the legal basis for personal data processing are legitimate interests of the Controller (Article 6(1)(f) of the GDPR) in connection with your consent to receiving newsletters. The Controller sends out information about its products and offers to persons who provided their e-mail addresses for that purpose. The Controller sends out such information only if you expressed your consent, which may be withdrawn at any time – without affecting the lawfulness of processing based on consent before its withdrawal. Your personal data will be processed until you withdraw your consent or make an effective objection to processing of your personal data. Provision of data for this purpose is voluntary, but necessary to receive newsletters;

• answering queries submitted via the contact form, i.e. for the purpose of pursing legitimate interests of the Controller in the form of communication with website users, and answering queries submitted to the Controller, on the basis of Article 6(1)(f) of the GDPR. In this case, your data will be processed until messages are handled and replied to or until an effective objection to data processing is made. Provision of your personal data is voluntary but necessary to receive an answer to a query submitted via the contact form.

• establishing, exercising or defending any legal claims which may arise in connection with the above-mentioned purposes, activities of the Controller and provision of services – for the purpose of pursuing legitimate interests of the Controller in the form of securing legal claims, i.e. on the basis of Article 6(1)(f) of the GDPR, for a period specified in the provisions of law relating to time bars on legal claims.

In some cases, the Controller uses profiling for its marketing activities. It means that on the basis of your personal data held by the Controller and information about products purchased by you the Controller will draw conclusions about your preferences and interests which may be used by us to better align our marketing messages with your expectations. Therefore, profiling will include aligning displayed advertisements, products presented at the time of order placement, sent information about products and services and about promotions and discounts offered by the Controller, on the basis of purchases and products browsed in the brick-and-mortar and online store. You have the right to object to such activities at any time.

IV.Rights of data subjects

1. Provision on consent to be added: The User has the right to request access to and rectification, erasure of his or her personal data or restriction of processing and the right to object to processing, the right to withdraw his or her consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, and the right to data portability

2.You have the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection, if you think that your data are processed in breach of the provisions on personal data protection. Detailed information about the right to lodge a complaint is available on the following website: https://uodo.gov.pl/pl/83/155

V. Information regarding cookie files

1. The Service uses cookie files.

2. Cookie files (so called “cookies”) constitute information data, in particular text files, which are stored on the Service User’s device and are intended to use the Service’s websites.

Cookies usually contain the name of the website from which they originate, the time of their storage on the User’s device, and a unique number.

3. The entity which places cookie files on the Service User’s device and accesses them is the Service’s operator.

4. Cookie files are used for the following purposes:

a. creating statistics which help understand the manner in which Service Users use the websites, which enables improvements to their structure and content;

b. maintaining the Service User’s session (after logging in), thanks to which the User is not required to re-enter the login and password on every subpage of the Service;

c. determining the User’s provide for the purpose of displaying appropriate materials in advertising networks, in particular the Google network.

5. The Service incorporates two primary types of cookie files: “session cookies” and “persistent cookies”. “Session cookies” are temporary files which are stored on the User’s device until the moment of logging out, leaving the website or disabling the software (Internet browser). “Persistent cookies” are stored on the User’s device for a time specified in the cookie file parameters or until their removal by the User.

6. Internet site browsing software (the Internet browser) usually by default allows storage of cookie files on the User’s device. Service Users may make changes to settings in this regard. The Internet browser allows to remove cookie files. It is also possible to automatically block cookie files. Detailed information on this topic can be found in the Internet browser’s help section or documentation.

7. Restrictions on the use of cookie files may affect certain functions available on the Service’s websites.

8. Cookie files are placed on the end device of the Service User, and may also be used by advertisement providers and partners cooperating with the Website operator. Such entities are e. g RTBHouse - https://www.rtbhouse.com/privacy-center/services-privacy-policy-pl/; Insider - https://useinsider.com/privacy-policy”; CUX.IO - https://app.cux.io/legal/privacy-policy;

9. We recommend reading the privacy protection policies of such companies in order to become familiar with the rules of using cookie files in statistics: https://www.google.analytics

10. Cookie files may be used by advertising networks, in particular Google, to display advertisements adapted to the manner in which the User uses the Service. For that purpose they may contain information of the User’s navigation path or time spent on a given site.

11. In terms of information about user preferences collected by the Google advertising network, the user can view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/

12. How to manage cookie files – Internet browser manufacturers’ instruction:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer< /p>

Internet Explorer: https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer

Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

Safari: http://safari.helpmax.net/en/saving-time/blocking-content/

Opera: http://help.opera.com/Linux/9.22/en/cookies.html

13. In accordance with applicable regulations of the 16th of July 2004 telecommunications law act, the User has the right to decide on the scope of access of cookie files to their computer through their prior choice in the window of their browser.

VI. WP PIXEL

1. As part of keeping the platform, we use marketing tools available on WP and provided by Wirtualna Polska Holding S.A., ul. Jutrzenki 137A, 02-231 Warszawa.

2. Based on these tools, the data collector sends advertisements to users, relying on the legitimate interest of the data collector, that is marketing own products and services in the form of adapting to needs and interests of advert users.

3. In order to direct customized advertisements to users, the data collector has implemented PW Pixel on the platform.

4. WP Pixel is used to collect data on users’ interactions with the platform. Such interaction can be adding a product to cart or purchasing the product. WP Pixel collects data on platform users’ behavior and additional data – users’ activity parameters provided by the platform. Information collected in this manner is provided to Wirtualna Polska Holding S.A. and eventually archived there.

5. The information collected through WP Pixel is anonymous, thus preventing the data collector from identifying users.

6. The data collector hereby informs that Wirtualna Polska Holding S.A. may combine this information with other user information deriving from own sources collected in Wirtualna Polska Holding S.A.’s platforms, and use it for own purposes, also for advertising. For more details, please see Wirtualna Polska Holding S.A.’s Privacy Policy.

VII. Server logs.

1. Information regarding certain behaviors of users are subject to logging on the server layer. Such data is used exclusively for the purpose of administrating the service and to ensure the most efficient handling of hosting services provided.

2. Browsed resources are identified by their URL addresses. Additionally, the following information may be subject to logging:

a. inquiry arrival time,

b. response dispatch time,

c. name of the customer’s workstation – identification carried out by the HTTP protocol,

d. Information on errors which have occurred during performance of an HTTP transaction,

e. the URL address of the site previously visited by the User (referral link) – if the Service has been accessed via a link,

f. information on the User’s Internet browser,

g. IP address information.

3. The above data is not associated with any specific individuals browsing the websites.

4. The above data is used only for the purpose of server administration.

VIII. Disclaimer

1. This Privacy Policy does not include any information regarding services or goods provided by entities other than the Administrator, which have been published on the Service’s websites commercially, are featured on the site on a mutual basis or do not serve any commercial purpose.

2. The Administrator is not liable for any actions or omissions of Users which result in the Administrator processing the personal data provided in a manner stipulated in this Privacy Policy.

3. The Administrator reserves the right to implement changes, remove or modify functions or properties of the Service’s websites, as well as discontinue operation, transfer the rights to the service or perform any other legal actions allowed by applicable legal regulations. Any activities performed by the Administrator must not infringe upon the rights of Users.

IX. Contact with the Administrator

Anny additional questions concerning the Privacy Policy should be directed at the Administrator’s address indicated in pt. II or at eshop@tatuum.com.

X. Changes to the Privacy Policy

1. The Administrator reserves the right to amend the Privacy Policy, if required by legal regulations or changes made to the Service. The Administrator shall notify the Users of such changes and their effective dates, in particular by publishing an appropriate message on the Service’s website.

2. The date provided below is the effective date of the Privacy Policy in its most recent version.

VALID FROM 20/07/2021

TATUUM INTERNET STORE PRIVACY POLICY AND COOKIES

I. Legal basis

The administrator declares that processing of the Users’ personal data takes place in accordance with personal data protection regulations - the Resolution by the European Parliament and Council (EU) 2016/679 dated 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general data protection regulation “RODO”).

II. General terms

1. This Privacy Policy informs of the methods of protecting the personal data of users of the service found under the electronic address: www.tatuum.com

2. The Administrator of the Service Users is the company KAN Sp. z o.o., with a registered office in Łódź (92-760), at the address ul. Wiączyńskiej 8A, for which the District Court for Łódź-Śródmieście, XX Commercial Division of the National Court Register keeps registration files under the KRS no. 0000119998, Tax ID 7251019880.

3. The Service performs functions related to collecting information on its users and their behaviours in the following manner:

a. Through information voluntarily entered in forms.

b. Through the storage of cookie files (so called “cookies”) on end user devices.

3. The contents of the Service’s websites constitutes the property of the Administrator and is legally protected.

4. In order to use the Service, the User must have access to a computer or device with installed software which enables browsing Internet pages and access to the Internet. Access to the Service may take place using available Internet browsers.

5. The Administrator declares that the Service’s websites are free of any content which infringes on the rights of third parties or any applicable legal regulations, in particular content which includes information which may cause or constitute a risk to the privacy or safety of any individuals, contains information promoting illegal actions or behaviors, which is offensive, constitutes a threat, is indecent, defamatory or slanderous, incites racism, ethnic, cultural or religious prejudice, promotes or facilitates criminal activity, violates the rights of third parties, including intellectual property rights, or constitutes any other violation of legally protected rights.

III. Information in forms.

1. The Service collects information provided voluntarily by the user.

2. The Service may additionally store information of the connection parameters (timestamp, IP address).

3. Data in forms is made available to:

- employees or partners authorized by the Administrator;

- entities cooperating in the area of providing the Newsletter, sms service,

- delivery service providers;

- on-line payment service providers;

- authorized bodies on the basis of legally valid requests, in the scope arising from such requests.

4. Data provided in forms may constitute part of the process of servicing potential customers, included by the Administrator in the register of personal data processing activities.

5. Data provided in the forms are processed for the purposes of:

IV.Rights of data subjects

1. Provision on consent to be added: The User has the right to request access to and rectification, erasure of his or her personal data or restriction of processing and the right to object to processing, the right to withdraw his or her consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, and the right to data portability

2.You have the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection, if you think that your data are processed in breach of the provisions on personal data protection. Detailed information about the right to lodge a complaint is available on the following website: https://uodo.gov.pl/pl/83/155

3. in order to exercise your rights indicated in subsection 1 hereinabove and in connection with other queries relating to processing of your personal data, please Contact the Data Protection Officer designated by the Controller, by e-mail to the following e-mail address: abi@kan.pl.

V. Information regarding cookie files

1. The Service uses cookie files.

2. Cookie files (so called “cookies”) constitute information data, in particular text files, which are stored on the Service User’s device and are intended to use the Service’s websites.

Cookies usually contain the name of the website from which they originate, the time of their storage on the User’s device, and a unique number.

3. The entity which places cookie files on the Service User’s device and accesses them is the Service’s operator.

4. Cookie files are used for the following purposes:

a. creating statistics which help understand the manner in which Service Users use the websites, which enables improvements to their structure and content;

b. maintaining the Service User’s session (after logging in), thanks to which the User is not required to re-enter the login and password on every subpage of the Service;

c. determining the User’s provide for the purpose of displaying appropriate materials in advertising networks, in particular the Google network.

5. The Service incorporates two primary types of cookie files: “session cookies” and “persistent cookies”. “Session cookies” are temporary files which are stored on the User’s device until the moment of logging out, leaving the website or disabling the software (Internet browser). “Persistent cookies” are stored on the User’s device for a time specified in the cookie file parameters or until their removal by the User.

6. Internet site browsing software (the Internet browser) usually by default allows storage of cookie files on the User’s device. Service Users may make changes to settings in this regard. The Internet browser allows to remove cookie files. It is also possible to automatically block cookie files. Detailed information on this topic can be found in the Internet browser’s help section or documentation.

7. Restrictions on the use of cookie files may affect certain functions available on the Service’s websites.

8. Cookie files stored on the Service User’s device may be also used by advertisers and partners cooperating with the Service operator.

9. We recommend reading the privacy protection policies of such companies in order to become familiar with the rules of using cookie files in statistics: https://www.google.analytics

10. Cookie files may be used by advertising networks, in particular Google, to display advertisements adapted to the manner in which the User uses the Service. For that purpose they may contain information of the User’s navigation path or time spent on a given site.

11. In terms of information about user preferences collected by the Google advertising network, the user can view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/

12. How to manage cookie files – Internet browser manufacturers’ instruction:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer< /p>

Internet Explorer: https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer

Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

Safari: http://safari.helpmax.net/en/saving-time/blocking-content/

Opera: http://help.opera.com/Linux/9.22/en/cookies.html

13. In accordance with applicable regulations of the 16th of July 2004 telecommunications law act, the User has the right to decide on the scope of access of cookie files to their computer through their prior choice in the window of their browser.

VI. WP PIXEL

1. As part of keeping the platform, we use marketing tools available on WP and provided by Wirtualna Polska Holding S.A., ul. Jutrzenki 137A, 02-231 Warszawa.

3. In order to direct customized advertisements to users, the data collector has implemented PW Pixel on the platform.

5. The information collected through WP Pixel is anonymous, thus preventing the data collector from identifying users.

VII. Server logs.

1. Information regarding certain behaviors of users are subject to logging on the server layer. Such data is used exclusively for the purpose of administrating the service and to ensure the most efficient handling of hosting services provided.

2. Browsed resources are identified by their URL addresses. Additionally, the following information may be subject to logging:

a. inquiry arrival time,

b. response dispatch time,

c. name of the customer’s workstation – identification carried out by the HTTP protocol,

d. Information on errors which have occurred during performance of an HTTP transaction,

e. the URL address of the site previously visited by the User (referral link) – if the Service has been accessed via a link,

f. information on the User’s Internet browser,

g. IP address information.

3. The above data is not associated with any specific individuals browsing the websites.

4. The above data is used only for the purpose of server administration.

VIII. Disclaimer

1. This Privacy Policy does not include any information regarding services or goods provided by entities other than the Administrator, which have been published on the Service’s websites commercially, are featured on the site on a mutual basis or do not serve any commercial purpose.

2. The Administrator is not liable for any actions or omissions of Users which result in the Administrator processing the personal data provided in a manner stipulated in this Privacy Policy.

3. The Administrator reserves the right to implement changes, remove or modify functions or properties of the Service’s websites, as well as discontinue operation, transfer the rights to the service or perform any other legal actions allowed by applicable legal regulations. Any activities performed by the Administrator must not infringe upon the rights of Users.

IX. Contact with the Administrator

Anny additional questions concerning the Privacy Policy should be directed at the Administrator’s address indicated in pt. II or at eshop@tatuum.com.

X. Changes to the Privacy Policy

1. The Administrator reserves the right to amend the Privacy Policy, if required by legal regulations or changes made to the Service. The Administrator shall notify the Users of such changes and their effective dates, in particular by publishing an appropriate message on the Service’s website.

2. The date provided below is the effective date of the Privacy Policy in its most recent version.

VALID FROM 15/06/2021