The Website Owner and also the data controller is Dorota Fistek-Korbut who conducts business activity under the name
of Nobilus Dorota Fistek-Korbut with registered office in Tarnów (33-100), Wodna 9, entered into Centralna Ewidencja
Informacji o Działalności Gospodarczej maintained by the District Court for the City of Warsaw in Warsaw, NIP (tax
identification number): 9930269959, REGON (Polish business registry number): 121521870, hereinafter referred to as
Personal data collected by Ecolore.eu via the Website are processed in compliance with Regulation (EU) 2016/679 of
the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data
Protection Regulation), hereinafter also referred to as GDPR.
Ecolore.eu acts with utmost care to ensure privacy of the Customers, who visit the Website.
Article 1 - Type of processed data, objectives and legal ground
Ecolore.eu collects information on natural persons performing a legal transaction, which is not related directly to
their business activity (consumers), hereinafter referred to as Customers.
Personal data of Customers are collected in case of:
use of the contact form service for the purpose of the performance of a contract executed by electronic means.
Legal grounds: processing is necessary for the performance of a contract on contact form services (article 6
sec. 1 letter b of GDPR).
When using the contact form service, the Customer shall provide their e-mail address only.
Additional information may be collected when the Customer uses the Website, in particular an IP address assigned to
the Customer’s computer or an external IP address of your internet provider, domain name, type of a browser, access
time, type of the operating system.
Also navigation data may be collected from the Customers, including information on links and references they click
or other activities undertaken by them in our Website. Legal grounds- legitimate interests (article 6 sec. 1 letter
f of GDPR) in form of facilitation of use of services rendered by electronic means and improvement of functionality
of such services.
To determine, exercise and enforce claims, come personal data provided by the Customer when using functionalities of
the Website may be provided, such as: name, surname, information about use of services, if claims result from the
manner of user of services by the Customer, other data necessary to prove existence of claim, including the volume
of suffered losses. Legal grounds- legitimate interests (article 6 sec. 1 letter f of GDPR) in form of
determination, exercising and enforcement of claims and defence against claims in litigation and proceeding in front
of other public authorities.
Personal data are provided to Ecolore.eu on voluntary basis in relation to concluded sales contracts or services
rendered via the , provided that, however, without data specified in the data forms in the Registration process,
Registration and establishment of a Customer Account is not possible, and if orders are placed without Registration
of Customer Account, placement and fulfilment of Customer order will be impossible.
Article 2 - To whom are data disclosed or provided and how long are they stored?
Customer’s personal data are provided to providers of services used by Ecolore.eu when operating the Website
depending on contractual arrangements and circumstances, they are either subject to Ecolore.eu’s instructions about
manners and ways of data processing (processors) or they define purposes and manners of processing on their own
Processors. Ecolore.eu uses services of providers processing data on Ecolore.eu’s request only. They include for
instance hosting providers, accounting services, providers of marketing systems, systems of traffic analysis in
the Website, systems for analysis of marketing campaign efficiency;
Controllers. Ecolore.eu uses services of providers that do not act on request only, but they define the
objectives and manners of use of Customers’ personal data. They render electronic payment and banking services.
Location. Providers of services have their registered offices mainly in Poland and other countries of the European
Economic Area (EEA).
Customers’ personal data are stored:
If Customer’s personal data are processed on the basis of a consent, they shall be processed by Ecolore.eu until
the consent is not cancelled, and after cancellation of the consent – for a period of time corresponding to the
period of limitation of claims that may be raised by or against Ecolore.eu. If it is not provided otherwise in a
specific provision, period of limitation amounts to 10 years, and in case of claims concerning periodical
services or claims related to business activity – three years;
If personal data are processed on the basis of execution of the contract, then the Customers’ personal data
shall be processed by Ecolore.eu as long, as it is necessary for execution of the contract, and afterwards – for
a period of time corresponding to the period of limitation of claims. If it is not provided otherwise in a
specific provision, period of limitation amounts to 10 years, and in case of claims concerning periodical
services or claims related to business activity – three years.
Navigation data may be used in order to provide Customers with better services, statistical data analysis and
adjustment of the Website to Customer preferences and to operate the Website.
In case of a respective request, Ecolore.eu discloses personal data to authorised state authorities, in particular
to organisational units of the prosecutor’s office, the Police, the Chairperson of the Personal Data Protection
Office, the Chairperson of the Office of Competition and Consumer Protection or the Chairperson of the Office of
Article 3 - Cookie files, IP address
The Website uses small files called cookies. They are stored by Ecolore.eu on the terminal device of a visitor to
the Website, if it is allowed by an Internet browser. A cookie file contains usually a domain name, from which it
originates, its “expiry time” and individual randomly selected number that identifies such file. Information
collected via such type of files enables adjustment of Ecolore.eu products to individual preferences and actual
needs of visitors to the Website. It offers a possibility to prepare general statistics of visits of products
presented in the Website.
Ecolore.eu uses two types of cookie files:
Session cookies: after end of a given session of a browser or switch off of a computer they are deleted from
computer memory. The mechanism of session cookies does not enable collection of any personal data or
confidential information from Customer’s computers;
Permanent cookies: are stored in the memory of Customer’s terminal device and stay there until they are deleted
or expire. The mechanism of permanent cookies does not enable collection of any personal data or confidential
information from Customer’s computers.
Ecolore.eu uses own cookies for the purpose of:
authorisation of the Customer in the Website and ensuring Customer’s session in the Website (after logging),
thanks to which the Customer does not need to type in a login and a password on every page of the Website;
analyses and studies, and audience measurement, in particular to prepare anonymous statistics which support
understanding of the manner of use of the by Customers, which enables improvement of its structure and contents.
Ecolore.eu uses external cookies for the purpose of:
popularisation of the Store via social network facebook.com (controller of external cookies: Facebook Inc with
registered office in the US lub Facebook Ireland with registered office in Ireland);
presentation of the map with localisation of Ecolore.eu’s office on the Website’s information pages by means of
portal maps.google.com (controller of external cookies: Google Inc with registered office in the US);
collecting general and anonymous statistical data by means of analytic tools Google Analytics (controller of
external cookies: Google Inc with registered office in the US);
Presentation of Reliable Regulation Certificate via website rzetelnyregulamin.pl (external cookie controller:
Rzetelna Grupa sp. z o.o. with registered office in Warsaw).
The cookie mechanism is safe for computers of the Website Customers. In particular, no viruses or other unwanted or
malicious software may invade Customer computers this way. Still, in their browsers Customers have a possibility to
restrict or switch off access of cookie files to computers. If such option is activated, the Website may be used
save for functions that due to their nature require cookie files.
Below we present how to change setting of popular internet browsers in respect to cookie files:
Internet Explorer browser;
Microsoft EDGE browser;
Mozilla Firefox browser;
Ecolore.eu may store IP addresses of the Customers. IP address is a number assigned to a computer of a visitor in
the Website, by an internet provider. IP number enables access to the Internet. In the majority of cases it is
assigned dynamically to a computer, that is it changes for each connection with the Internet, and that is why it is
commonly treated non-personal identifying information. IP address is used by Ecolore.eu for detection of technical
problems with the server, preparation of statistical analyses (e.g. determination, from what regions the majority of
visitors come from), as information helping with administration and improvement of the Website and for safety
purposes and possible identification of unwanted automatic programmes searching through the contents of the Website
that load the server.
The Website contains links and references to other websites. Ecolore.eu shall not be held liable for privacy
protection principles in force on such websites.
Article 4 - Rights of data subjects
The right to withdraw consent – legal ground: article 7 sec. 3 of GDPR.
The Customer has a right to withdraw consent granted to Ecolore.eu.
Withdrawal of consent shall be effective as the time of withdrawal.
Withdrawal of consent shall not affect the lawfulness of processing before its withdrawal.
Withdrawal of consent shall not entail any negative consequences for the Customer, but may prevent them from
further use of services of functionalities, which may be lawfully provided by Ecolore.eu only upon consent of
Right to object to personal data processing - legal ground: article 21 of GDPR.
The Customer shall have the right to object, on grounds relating to their particular situation, at any time to
processing of personal data concerning them, including profiling, if Ecolore.eu processes their data on the
basis of a legitimate interest, such e.g. marketing of Ecolore.eu’s products and services, statistic concerning
use of individual functionalities of the Website and facilitation of use of the Website, and Customer
An e-mail resignation from marketing communications on products or services will mean the Customer’s objection
to processing of their personal data, including profiling for those purposes;
If the Customer’s objection is reasonable and Ecolore.eu has no other legal grounds to process personal data,
the Customer’s personal data, whose processing has been objected by the Customer, will be deleted.
Right to erasure (“right to be forgotten” ) - legal ground: article 17 of GDPR.
The Customer has the right to demand erasure of all or some personal data;
The Customer has the right to demand the erasure of some personal data, if:
the personal data are no longer necessary in relation to the purposes for which they were collected or
the Customer has withdrawn consent in the scope in which personal data have been processed on the basis of
the Customer has objected to use of their data for marketing purposes;
the personal data are unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to
which Ecolore.eu is subject;
the personal data have been collected in relation to the offer of information society services.
Despite of demand of erasure of personal data in relation to an objection or withdrawal of consent, Ecolore.eu
may retain some full personal data in the scope, in which processing is necessary for determination, claiming or
defence against claims, and for fulfilment of the legal obligation requiring data processing under the
legislation of the European Union or a Member State to which Ecolore.eu is subject. It refers in particular to:
name, surname, e-mail address, which are retained for the purpose of examination of complaints and claims
related to use of Ecolore.eu services, or additionally an address of residence/ correspondences, order number,
which are retained for the purpose of examination of complaints and claims related to concluded sales agreements
or service agreements.
Right to restriction of processing- legal ground: article 18 of GDPR.
The Customer shall have the right to obtain from the controller restriction of their personal data processing.
Submission of such demand, until its examination, prevents the use of specified functionalities or services, the
use of which would be related with processing of personal data subject to such demand. Moreover, Ecolore.eu will
not send any message, including marking communications. ;
The Customer shall have the right to demand restriction of their personal data processing in the following
When they contest the acccuracy of their personal data; then Ecolore.eu shall restrict their use for a
period enabling verification of the accuracy of the personal data, but no longer than for 7 days;
When data processing is unlawful and the Customer demands restriction of their use instead of their erasure;
When personal data are no longer necessary for the purposes of their collection or use, but they are needed
by the Customer in order to determine, exercise or defend claims;
When the Customer objected to proceeding of their data- then the restriction is introduced for a period
necessary to consider whether, due to exceptional circumstances – protection of the Customer’s interests,
rights and freedoms prevails over the interests, which are exercise by the Controller when proceeding
Customer’s personal data.
Right of access to data - legal ground: article 15 of GDPR.
The Customer shall have the right to obtain a confirmation from the Controller, whether or not it processes
personal data, and if yes, the Customer shall have the right to:
obtain access to their personal data;
obtain information on the purposes of the processing, the categories of processes personal data, the
recipients or categories of recipients of such data, the envisaged period for which the personal data will
be stored or the criteria used to determine that period (if determination of the planned period of data
processing is not possible), on Customer’s rights under the GDPR and the right to lodge a complaint with a
supervisory authority, on the source of such data, automated decision-making, including profiling and
security devices applied due to the transfer of such data outside the European Union;
obtain copies of their personal data.
Right to rectification - legal ground: article 16 of GDPR
The Customer shall have the right to obtain from the Controller without undue delay the rectification of
inaccurate personal data concerning the Customer. Taking into account the purposes of the processing, the
Customer shall have the right to have incomplete personal data completed, including by means of providing a
supplementary statement, sending the respective request to the e-mail address in compliance with Article 6 of
Right to data portability- legal ground: article 20 of GDPR.
The Customer shall have the right to obtain their personal data, which were provided to the Controller, and then
to send them to another data controller selected by the Customer. The Customer shall have the right to demand
that such personal data are sent directly by us to another data controller, if this is technically feasible. In
such case the Controller shall sent the Customer’s personal data in a csv file, which is a commonly used
machine-readable format, allowing transfer of processed data to another data controller.
If the Customer wishes to exercise any of the foregoing rights, Ecolore.eu fulfils a request or refuses to fulfil it
promptly, but no later than within a month of its receipt. If, however, due to a complex nature of a demand or a
number of demands Ecolore.eu is not able to fulfil demand within one month, it shall fulfil it during the following
two month, notifying the Customer earlier within a month from receipt of the demand on the intended prolongation of
the period and about own activities.
The Customer may file complaints, questions or requests concerning processing of their personal data and execution
of this rights.
The Customer has the right to demand that Ecolore.eu provides copies of standard contractual clauses, sending a
The Customer shall have the right to file a complaint to the Chairperson of the Office of Personal Data Protection
in respect to violation of their rights for personal data processing or other rights granted under the GDPR.
Article 5 - Security management
Ecolore.eu ensures safe and encrypted connection to the Customers during transfer of personal data. Ecolore.eu uses
SSL certificate issued by one of the world leaders in respect to security and encryption of data sent via the