PolskiPrivacy Policy
1. General Information
This policy applies to the website functioning under the URL: en.pocketflower.art
The website operator and data controller is: HSBB Karol Kwiatkowski, ul. Długa 1, 85-034 Bydgoszcz, Polska
The operator’s contact email address is: shop@pocketflower.art
The operator is the controller of your personal data regarding any data voluntarily provided on the website.
The website uses personal data for the following purposes:
Managing the newsletter
Handling inquiries via the contact form
Preparing, packing, and shipping goods
Fulfilling ordered services
Presenting offers or information
The website collects information about users and their behavior in the following ways:
1. Through data voluntarily entered into forms, which are then processed by the operator’s systems.
2. By storing cookies on users’ end devices.
2. Selected Data Protection Methods Used by the Operator
Login and personal data entry areas are protected at the transmission level (SSL certificate). This ensures that personal data and login information entered on the website are encrypted on the user’s computer and can only be read on the target server.
Personal data stored in the database is encrypted in such a way that only the Operator, possessing the decryption key, can read it. This protects the data in case the database is stolen from the server.
User passwords are stored in a hashed form. The hashing function is one-way, meaning it cannot be reversed, which is the current standard for storing user passwords.
The Operator periodically changes its administrative passwords.
To protect the data, the Operator regularly performs backups.
An essential element of data protection is the regular updating of all software used by the Operator for processing personal data, particularly updating software components.
3. Hosting
The website is hosted (technically maintained) on the servers of operator Kei.pl
To ensure technical reliability, the hosting company logs the following at the server level:
Resources specified by a URL identifier (addresses of requested resources – pages, files),
The time the request was received,
The time the response was sent,
The client station name – identification performed through the HTTP protocol,
Information about errors that occurred during the execution of an HTTP transaction,
The URL of the previously visited page (referrer link) – if the user arrived at the website via a link,
Information about the user's browser,
Information about the IP address,
Diagnostic information related to the process of self-ordering services through the website’s registration systems, Information related to the handling of emails sent to and from the Operator.
4. Your Rights and Additional Information on How Your Data is Used
In certain situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to fulfill a contract with you or to meet obligations
imposed on the Administrator. This applies to the following groups of recipients:
The hosting company (under a data processing agreement)
Couriers
Postal operators
Payment operators
Your personal data processed by the Administrator will not be kept longer than necessary for the purposes related to specific legal requirements (e.g., accounting).
For marketing data, it will not be processed for more than 3 years.
You have the right to request from the Administrator:
Access to your personal data,
Rectification,
Deletion,
Restriction of processing,
Data portability.
You also have the right to object to the processing mentioned in point 3.2, regarding the processing of personal data to fulfill the legitimate interests of the Administrator, including profiling. However, the right to object cannot be exercised if there are valid
legitimate grounds for processing that override your interests, rights, and freedoms, particularly for establishing, pursuing, or defending legal claims.
You have the right to file a complaint regarding the Administrator’s actions with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
Providing personal data is voluntary but necessary for the operation of the website.
Automated decision-making, including profiling, may be applied to you to provide services under the contract and for the Administrator’s direct marketing purposes.
Personal data is not transferred to third countries as defined by data protection regulations. This means we do not send it outside the European Union.
5. Information in Forms
The website collects information provided voluntarily by the user, including personal data, if provided.
The website may record information about connection parameters (time stamp, IP address).
In some cases, the website may save information that helps link the data in the form with the email address of the user filling out the form. In such cases, the user’s email address may appear inside the URL of the page containing the form.
The data provided in the form is processed for the purpose resulting from the specific function of the form, such as handling a service request, commercial contact, or service registration. Each form’s context and description clearly inform the user of its purpose.
6. Administrator Logs
Information about user behavior on the website may be logged. This data is used for administering the website.
7. Important Marketing Techniques
The operator uses statistical analysis of website traffic through Google Analytics (Google Inc., based in the USA). The operator does not transfer personal data to the service provider, only anonymized information. This service relies on cookies stored on the user’s device. Users can view and edit their cookie-based preferences collected by Google’s advertising network using the tool:
https://www.google.com/ads/preferences/.
The operator uses remarketing techniques that allow the adjustment of advertising messages based on user behavior on the website. This may give the impression that personal data is being used to track the user, but in practice, no personal data is transferred from the operator to advertising operators. The technological requirement for this process is the enabling of cookies.
The operator uses the Facebook Pixel. This technology ensures that Facebook (Facebook Inc., based in the USA) knows that a registered user is using the website.
In this case, it is based on data for which Facebook is the controller, and the operator does not transfer any additional personal data to Facebook. This service relies on cookies stored on the user’s device.
8. Information about Cookies
The website uses cookies.
Cookies are IT data, specifically text files, stored on the user’s device and intended for use on the website. Cookies typically contain the name of the website they originate from, the duration of storage on the device, and a unique number.
The entity placing cookies on the user’s device and accessing them is the website operator.
Cookies are used for the following purposes:
Maintaining the user’s session (after logging in), so the user doesn’t need to re-enter their login and password on every subpage of the website,
Achieving the purposes mentioned above in the section „Important Marketing Techniques.”
The website uses two main types of cookies: „session cookies” and „persistent cookies.” Session cookies are temporary files stored on the user’s device until they log out, leave the website, or close the browser. Persistent cookies are stored on the user’s device for the time specified in the cookie parameters or until the user deletes them.
Web browsers typically allow cookies to be stored on the user’s device by default.
Users can change their browser settings to block cookies or delete them. Detailed information on this can be found in the browser’s help or documentation.
Restrictions on the use of cookies may affect certain functionalities available on the website.
Cookies placed on the user’s device may also be used by entities cooperating with the website operator, particularly by companies such as Google (Google Inc., based in the USA), Facebook (Facebook Inc., based in the USA), and Twitter (Twitter Inc., based in the USA).
9. Managing Cookies – How to Give and Withdraw Consent in Practice
If the user does not wish to receive cookies, they can change their browser settings.
Please note that disabling cookies necessary for authentication processes, security, or maintaining user preferences may hinder, or in extreme cases, prevent the use of the website.