Politique de confidentialité

  1. For the Owner of this website, the protection of Users' personal data is a priority. It makes every effort to ensure that Users feel safe entrusting their personal data when using the website.
  2. The user is a natural person, legal person or an organisational unit without legal personality, which is granted legal capacity by the act, using electronic services as part of the website.
  3. This privacy policy of the Online Store is informative, which means that it is not a source of obligations for Service Recipients or Customers of the Online Store. The privacy policy contains, above all, the rules regarding the processing of personal data by the Administrator in the Online Store, including the basics, purposes and scope of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools in the Online Store.
  4. The administrator applies advanced technical measures and organisational solutions that ensure a high level of protection of personal data processing and protection against unauthorised access.

I. General Provisions

§ 1 Personal Data Administrator

  1. The Administrator of the personal data of the users of the website located under the domain https://brunn.design/ is BRUNN DESIGN Sp. z o.o., with its registered office at the address in Sosnowice, ul. Jana III Sobieskiego 12, 34-113 Sosnowice , REGON 361000090, Polish TIN (NIP): 6832085501, entered in the National Register of Entrepreneurs kept by the District Court for Kraków-Śródmieście in Kraków, XII Commercial Law Division of the National Court Register, KRS 0000547623, share capital: PLN 40,000 paid in full (hereinafter as: "Administrator").
  2. If you have additional questions or want more information, you can contact the Administrator:
    1. by e-mail at address: hello@brunn.design,
    2. in writing by mail to the Administrator's address: Brunn Design Sp. z o.o., Sosnowice, ul. Jana III Sobieskiego 12, 34-113 Sosnowice, Poland.
  3. This Privacy Policy indicates actions taken with regard to personal data collected via the Administrator's Online Store, as well as services and tools used by website users and as part of concluding and performing contracts outside the website.
  4. This Privacy Policy may be updated to change our practices or for other operational, legal or regulatory reasons. New content of the Privacy Policy will be published on this Website. In the case of persons who have consented to the processing of data by e-mail or provided e-mail data during the performance of contracts, they will also be notified of the change by e-mail.

§ 2 Types of data

  1. The administrator processes the following personal data, the provision of which is necessary for:
    1. register on the website:
      • name and surname/name;
      • e-mail address;
    2. making purchases via the website:
      • name and surname/name;
      • delivery address;
      • Phone number;
      • e-mail address;
  2. In the event of withdrawal from the contract or acceptance of the complaint, when the refund is made directly to the User's bank account, in order to make the refund, we also process information about the bank number.
  3. In addition, the administrator also processes the following data:
    • company name;
    • VAT number.

II. Basis of processing, purposes and storage of personal data

§ 1 Purpose of processing personal data

The Administrator processes the User's personal data in order to:

  1. using the Website based on your interest in our offer (the basis of Article 6(1)(b) of the General Data Protection Regulation (hereinafter as: GDPR); if the Administrator concludes and performs a sales contract or contracts for the provision of services, the User is obliged to provide the data necessary to conclude the contract (which is a contractual requirement, and in the field of tax numbers also a statutory requirement);
  2. sending commercial information, if you have agreed to receive commercial information (legal basis of Article 6(1)(a) of the GDPR);
  3. performance of a legal obligation, if such an obligation is imposed on us (the basis of Article 6(1)(c) of the GDPR);
  4. analytical, e.g. in order to select services to your needs; optimization of products and services based on comments, your interests, technical logs of the website; in order to optimize service processes based on the course of service processes, including complaints, which is our legitimate interest (the basis of Article 6(1)(f) of the GDPR);
  5. archival (evidence) to secure information in order to prove the facts, if any, which is our legitimate interest (the basis of Article 6(1)(f) of the GDPR);
  6. possible determination, investigation or defense against claims, which is our legitimate interest (based on Article 6(1)(f) of the GDPR);
  7. researching your satisfaction and determining the quality of our services, which is our legitimate interest (the basis of Article 6(1)(f) of the GDPR);
  8. offering you products and services directly (direct marketing), including matching them to your needs using profiling, which is our legitimate interest (the basis of Article 6(1)(f) of the GDPR).

§ 2 Basics of personal data processing

Users' personal data is processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act of May 10, 2018 and the Electronic Services Act of July 18, 2002.

§ 3 Storage of personal data

  1. Users' personal data is stored no longer than it is necessary to achieve the purpose of processing, i.e. until the consent is withdrawn, if the processing is based on such consent, until the Administrator's and User's claims regarding the performance of concluded contracts expire (in the case of sales and contracts for the provision of services 2 years, counting until the end of the year) and until the question sent via e-mail is answered or until the complaint is considered. After this period, the Customer's personal data will be processed by the Administrator pursuant to Article 6(1)(f) of the GDPR, i.e. for purposes arising from legitimate interests pursued for the purposes of marketing campaigns.
  2. To the extent necessary for the proper functioning of the website, its functionality and the proper conduct of the payment operation (if it is carried out by the website), the website uses the User's metadata. Metadata is the process of reading and recognizing by the IT system the configuration page and components of the computer used by the user in order to adjust the page to his capabilities and establish a secure connection between the user's computer and the website. Importantly, such metadata cannot lead to the User's identification, and they are not harmful to the data stored on the computer in any way. Nevertheless, the User may at any time withdraw consent to the processing of metadata by properly configuring his browser or downloading the appropriate plug-in provided by the browser manufacturer. For this purpose, consult the software manufacturer and its recommendations.

§ 4 Profiling and processing of personal data

  1. For the purpose of direct marketing, the Administrator may use profiling. This does not apply to the possibility of using electronic services, conclusion or refusal to conclude a contract. The result of profiling may be, for example, sending him a discount code, granting the User a discount, reminding him of unfinished purchases, sending a product proposal that may match the interests or preferences of a given person, or offering better conditions compared to the standard offer. However, the User decides whether he will use the discount received in this way or better conditions and make the purchase. Profiling consists in automatic analysis or prediction of the User's behavior on the Administrator's website, e.g. by adding a specific product to the basket, browsing a specific product page, or by analyzing the previous activity history on the website. In order for the Administrator to be able to send the user e.g. a discount code or match products to the User's interests, the Administrator must have her personal data.
  2. In order for the processing to take place in accordance with the regulation, taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different probabilities and severity of the threat, the Administrator implements appropriate technical and organizational measures that should be checked and, if necessary, updated. The administrator uses technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.

§ 5 Data sharing

  1. All collected personal data is used to fulfill obligations towards users. This information will not be shared with third parties, except when:
    1. the data subjects expressly consent to such action,
    2. the obligation to provide this data results or will result from applicable law, e.g. to law enforcement authorities.
  2. Users' personal data may be transferred to the following recipients or categories of recipients:
    1. service providers supplying the Administrator with technical, IT and organizational solutions, enabling the Administrator to run a business, including a website and electronic services provided through it (in particular computer software providers, marketing agencies, e-mail and hosting providers, company management software providers and providing technical assistance to the Administrator and the product delivery operator),
    2. providers of accounting, legal and advisory services providing the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company).
  3. The Administrator provides the User's collected personal data to a selected supplier acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
  4. The Administrator may share anonymized data (i.e. not containing data allowing to identify a specific User) to external service providers in order to better recognize the attractiveness of advertisements and services for users. Therefore, due to the registered office of software providers, data may be transferred - subject to the principles of their protection - to third countries. However, these third countries ensure compliance with standard contractual terms approved by the European Commission for the processing of personal data or having appropriate authorizations in this regard under bilateral data processing agreements between the European Union and a given third country that is not a member of the European Economic Area (hereinafter as: “EEA”).
  5. The administrator provides the data indicated in point 4 on the terms set out therein to the following service providers:
    1. Google LLC. (registered office: 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) for tools:
      • Google Analytics - used to analyze website statistics,
      • Google Tag manager - used to manage scripts by easily adding code fragments to a website or application and tracking activities performed by users on a website,
      • Google Ads - used to display sponsored links in Google search results and on websites cooperating under the Google AdSense program;
    2. Meta Platforms, Inc (registered office: 1601 Willow Road Menlo Park, CA 94025, USA) for the Facebook pixel used to track conversions from Facebook ads, optimize them based on collected data and statistics, and build an audience list focused on future ads.
  6. The Administrator's services are also integrated with third party analytical technologies, such as Software Development Kit and Application Program Interfaces. These technologies may combine data collected in connection with the user's use of the website https://brunn.design/ with information collected by them separately over time or within different platforms. Some of these companies collect and use information based on their own data protection policies, which can be found on their websites. We encourage you to read these rules.
  7. The Online Store may use the functionality of Google Analytics - a web analytics service that is provided by Google, LLC. ("Googles"). In order to indicate to the Online Store Administrator how visitors use the website, Google Analytics uses cookies. The above information is usually transferred to Google, which stores this data on servers in the United States. The IP addresses of users visiting the Administrator's website, in accordance with current IT standards, are shortened. Only in exceptional cases may the full IP address be sent to a Google server in the USA and shortened there. Google may use the above information on behalf of the Administrator to evaluate the website for its users, as well as to prepare reports on website traffic and provide other services related to website traffic and Internet use for website operators. Google will not associate the IP address transmitted as part of Google Analytics with any other data collected by Google. More information about the collection and use of data by Google Analytics can be found at: www.google.com/policies/privacy/partners. If the User does not agree to the collection and processing of data by Google regarding his use of the website, he can download and install the browser plug-in, which can be found at: http://tools.google.com/dlpage/gaoptout.
  8. In the case of sharing Users' data with third parties, the Administrator makes every effort to ensure that this is done only to entities certified under the (former) Privacy Shield EU-US and Swiss-US programs (available at www.privacyshield.gov). These entities, when using information from the European Economic Area (EEA), are required to comply with the principle of responsibility for the secondary transfer of the Privacy Shield program. When necessary, the Administrator will rely on EU standard contractual clauses as well as other safeguards to enable transfers outside the EEA. Pursuant to the decision of the Court of Justice of the European Union of July 16, 2020 in relation to the EU-US Privacy Shield and the guidelines of the European Data Protection Council, the Administrator continues to assess the legal system of the countries to which data are transferred, and also updates measures if necessary to ensure adequate levels of protection.

III. User's rights

  1. The user may at any time request information from the administrator about the scope of personal data processing.
  2. The User may at any time request correction or rectification of his personal data. The user can also do it himself after logging into his account.
  3. At any time, without giving any reason, the User may withdraw his consent to the processing of his personal data. The request not to process data may refer to all purposes of personal data processing or a specific purpose of processing indicated by the User (e.g. withdrawal of consent to receive commercial information). Withdrawal of consent for all purposes of processing will result in the removal of the User's account from the website along with all the User's personal data processed by the Administrator. Withdrawal of consent does not affect previously performed activities.
  4. The user has the right to lodge a complaint with the supervisory authority. The complaint should be lodged in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on the Protection of Personal Data. The supervisory authority in Poland is the President of the Office for Personal Data Protection in Warsaw.
  5. At any time, the User may request the deletion of the User's data without giving any reason. The request to delete data does not affect previously performed activities. Deletion of data will result in the deletion of the User's account along with all the User's personal data collected and processed so far by the Administrator.
  6. The User may at any time object to the processing, including profiling, of personal data concerning him in the scope of all User's personal data processed by the Administrator or only to a limited extent, e.g. as to the processing of data for a specific purpose. This objection will not affect the actions already taken. Submitting an objection will result in the deletion of the User's account together with all the User's personal data collected and processed by the Administrator. In such a case, the administrator may no longer process personal data, unless he demonstrates the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims.
  7. The user may at any time object to the processing of his personal data for the purposes of direct marketing, including profiling, to the extent that the processing is related to such direct marketing. This applies to the processing of personal data for the purposes of direct marketing on the basis of the legitimate interests of the Administrator, and not on the basis of the consent of the data subject.
  8. The User may request the restriction of personal data processing both for a specified period of time and without a time limit, but within a specified scope. The administrator is obliged to comply with such a request. However, this will not affect the activities already performed.
  9. The User may demand that the Administrator provide another entity with personal data concerning the User that he processes. For this purpose, he should write a request to the Administrator indicating to which entity (name, address) the User's personal data should be provided and what specific data are to be provided. After the User confirms his request, the Administrator will provide the User's personal data in electronic form to the indicated entity. The User's confirmation of the request is necessary due to the security of the User's personal data, as well as to ensure that the request comes from an authorized person.
  10. The above rights are implemented on the basis of the User's request, which should be sent to the e-mail address: hello@brunn.design. The request should include the User's name and surname.
  11. The Administrator informs the User about the actions taken within one month of receiving one of the requests listed in the preceding points.
  12. The User confirms that the data provided or published by him on the Website are correct.

IV. Cookies

  1. The website uses cookies or similar technology (hereinafter referred to as "Cookies") to collect information about the User's access to the website (e.g. using a computer or smartphone) and his preferences. They are used e.g. for advertising and statistical purposes and to adapt the website to the individual needs of the User.
  2. Cookies are pieces of information containing a unique reference code that the website sends to the User's devices in order to store and sometimes track information about the device used. Cookies are not used to identify the user and their identity is not established on their basis.
  3. Some of the cookies on the website are available only for the duration of a given internet session and expire after closing the browser. Other cookies are used to remember the User who is recognized on the website after returning to the website. They are then retained for a longer period of time.
  4. The cookies used on this website are:
    1. necessary cookies - necessary for the proper functioning of the website or the functionalities that the user wants to use. Without them, it is impossible to provide many of the services we offer. Some of these cookies also ensure the security of services provided by the online store electronically;
    2. functional cookies - important for the operation of the website, because without them the website will not be adapted to the user's preferences, the level of functionality of the website may decrease. The website will operate but to a limited extent, and blocking them will result in some functions not working properly;
    3. business cookies - blocking them may contribute to a reduction in the level of service provision due to the inability of the website owner to realize revenue subsidizing its operation. This category includes, for example, advertising "cookies";
    4. cookies for website configuration - thanks to them it is possible to set services and functions on the website;
    5. cookies for the security and reliability of websites - thanks to them it is possible to verify the authenticity and optimize the performance of the website;
    6. cookies used for authentication - they inform when the user is logged in, so that the website displays the appropriate functions and information';
    7. cookies that check the session status - they enable saving information on how the website is used by Users; they concern e.g. error messages displayed on the website or the most frequently visited pages; help improve services and enhance your browsing experience;
    8. cookies that examine the processes taking place on the website - thanks to them, the website and its functions work efficiently;
    9. cookies that support advertising - thanks to them, advertisements tailored to users are displayed, as well as providing value for advertisers and publishers; may contribute to the display of certain advertisements outside of websites and to the personalization of advertisements;
    10. cookies that access the location - they contribute to adjusting the displayed information to the user's location;
    11. cookies conducting research, analysis or audience audit - thanks to them, the owner of the Online Store can better understand the preferences of users, thanks to which the Store can modernize its products and services; the collection and processing of information on trends is carried out anonymously, i.e. in a way that does not allow for the identification of a specific User.
  5. All cookies on this website are set by the Administrator.
  6. All cookies used by this website are in accordance with the applicable European Union law.
  7. Most Users and some mobile browsers automatically accept cookies. If the User does not change the settings, cookies will be saved in the device's memory.
  8. The user can change the preferences regarding the acceptance of cookies or change the browser to be able to receive an appropriate notification each time the cookie function is set. In order to change the cookie acceptance settings, you need to adjust them in your browser.
  9. Please note that blocking or deleting cookies may prevent you from fully using the website.
  10. Cookies on this website are not harmful to the User or to the end device used by the User. Therefore, in order for the website to function properly, it is recommended not to disable cookies in browsers.
  11. This site does not respond to Do Not Track signals. However, you may disable certain web tracking methods, including some analytical data, as well as personalized advertisements by changing the settings in the browser or using our tools used to express consent to the use of cookies. Detailed information on changing cookie settings as well as their removal in selected web browsers is available in the help section of a given web browser.
  12. Detailed information on how to manage cookies on mobile devices is usually available in the user manual of the device.