GDPR

Categories of Processed Personal Data The Operator collects, processes, stores, and transmits the following personal data belonging to data subjects: name, surname, date of birth, email address, billing/delivery address (country, city, county/sector, street, number, block, staircase, apartment), postal code, bank account, bank account holder, phone number, gender, IP address, internet browser used by the data subject and the operating system version of the device, duration of the website visit, viewed products, Facebook account, Google user account, device location, order AWB number, amount paid as cash on delivery.

Personal Data of Minors The Operator does not process the personal data of individuals who have not reached the age of 18. Data subjects are required to confirm before creating an account, placing an order, and subscribing to the newsletter that they have reached the age of 18. Without confirmation by the data subject, the data subject cannot subscribe to the newsletter, cannot generate their customer account, or place any order.

Personal Data in the Case of 3D Secure Card Payment In the case where the customer opts for card payment for the placed order, the card details for 3D Secure payment, consisting of the card number, cardholder, card expiration date, card type, and security code will not be accessible or collected by the Operator.

Purpose of Processing Personal Data The Operator processes personal data belonging to data subjects for the purpose of finalizing and executing the sales contract, order processing, issuing invoices, product delivery, profiling, direct marketing, customer loyalty, promotional campaigns, contests, raffles, promotions, return of ordered products, refund of payment made, complaint resolution, customer support, reviews, implementation and maintenance of website security, preparation of financial and accounting documents, within the control procedures carried out by state institutions, defending the rights of the operator in judicial and extrajudicial proceedings, for negotiating or concluding collaborations or contracts with third parties, for carrying out commercial/contractual/collaboration activities of the operator, managing relationships with business partners, commercial communication with customers/suppliers/collaborators through any means of communication, communication with public or public-interest bodies or authorities in accordance with legal provisions, audit and control/surveillance activities, monitoring website traffic and its access history, creating content hierarchy, and identifying the most relevant content for the user.

Legality of Personal Data Processing The Operator processes personal data of data subjects under the following conditions: (a) the data subject has given consent to the processing of their personal data for one or more specific purposes; (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (c) processing is necessary for compliance with a legal obligation to which the controller is subject; (d) processing is necessary to protect the vital interests of the data subject or of another natural person; (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Duration of Personal Data Processing The Operator will process personal data of data subjects for the duration of the sales contract execution, order processing, preparation of financial-accounting documents, order delivery, complaint resolution, and publication of reviews on the website.

Data Storage Period The Operator will store personal data of data subjects as follows: for a period of 2 years regarding order history, unless the data subject withdraws consent or deletes their customer account, 1 year in the case of complaints, unless the data subject withdraws consent, 4 years for reviews posted on the website, 10 years concerning the issuance of fiscal invoices for placed orders, 10 years for newsletter subscription, unless the data subject withdraws consent. In the event that legislative changes require other retention periods, the Operator will comply with legal provisions.

Rights of Data Subjects According to Regulation (EU) 2016/679, data subjects have the following rights:

Right to Information: The data subject has the right to receive information about the operator's data, the personal data processed, the purpose and method of processing personal data.

Right of Access to Data: The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed, and, if so, access to such data and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source; (h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

In cases where personal data are transferred to a third country or an international organization, the data subject has the right to be informed about the appropriate safeguards.

The Operator provides a copy of the personal data being processed. For any other copies requested by the data subject, the Operator may charge a reasonable fee based on administrative costs. If the data subject makes the request electronically and unless otherwise requested by the data subject, the information shall be provided in an electronic format commonly used.

Right to Rectification: The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Erasure of Data ("Right to be Forgotten"): The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based; (c) the data subject objects to the processing; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; (f) the personal data have been collected in relation to the offer of information society services.

Right to Restriction of Processing: The data subject has the right to obtain from the controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify