General information

 

We attach particular importance to the protection and processing of your personal data. We make every effort to ensure that the personal data entrusted to us are safe with us. We process your data in accordance with the relevant laws, in particular the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/W). ("RODO").

 

Accordingly, we have updated our Privacy Policy to provide an accessible and transparent presentation of the privacy practices on our website. Below you will find information on how we process your personal data, how we keep it safe and inform you of your rights with respect to the personal data we collect.

 

Who is responsible for your personal data

 

The controller of your personal data is the LILOU group of companies, which, in order to fulfill their rights and obligations related to the protection of personal data under the RODO in particular, have entered into an agreement on the co-management of personal data.

The LILOU group includes:

 (a) LILOU a limited liability company with its registered office in Warsaw, Filtrowa 50 Street (02-032 Warsaw), registered in the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, XII Business Department of the National Court Register, under the number: 0000346352, having NIP: 7010216745, with a share capital of PLN 5,000.00;

 b) LILOU RETAIL Spółka z ograniczoną odpowiedzialnością Spółka komandytowa with its registered office in Warsaw, Filtrowa 50 (02-032 Warsaw), entered in the register of entrepreneurs under the KRS number: 0000675663, REGON: 367179931, NIP: 7010686847;

 c) LILOU ONLINE SHOP spółka z ograniczoną odpowiedzialnością spółka komandytowa with its registered office in Warsaw, ul. Filtrowa 50 (02-032 Warsaw), registered in the Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, XII Business Division of the National Court Register, under the number: 0000663850, with REGON: 366571012, NIP: 7010666632.

These entities jointly determine the purposes and means of data processing on the basis of Article 26, paragraph 1 of the RODO.

To ensure that your personal data will always be processed transparently and in accordance with the law, a Data Protection Officer has been appointed. To contact him, you can write to the indicated e-mail address: [email protected]

 

Which of your personal data we process

 

We will process the following personal data:

- First name (in case you registered on our site, used our contact form or otherwise provided it to us);

- Name (in case you registered on our site, used our contact form or otherwise provided it to us);

- Email address (in case you registered on our site, used our contact form or otherwise provided it to us);

- Phone number (in case you have used our contact form or otherwise provided it to us);

- Delivery address or residential address data (in case of purchase fulfillment, delivery);

- Tax Identification Number (if you are collecting an invoice);

- Data regarding the device you are using (e.g. IP address, browser, etc., in accordance with the data processing provisions of the cookies described below).

 

Principles of personal data processing
 

Where do we store your personal data?

 

Your personal data is stored in the European Economic Area (EEA). Any operation of transferring your personal data is carried out in accordance with applicable laws.
 

Who has access to your personal data?

 

Being the controller of your personal data, we never sell or exchange it with other entities for marketing purposes.

In some cases, we transfer your personal data to selected third parties for the sole purpose of performing the services we define and provide to you.

Examples include companies that maintain our IT infrastructure, companies that provide us with services regarding email, sms, social media campaigns or other IT-related services. However, we transfer this data only to the extent regulated by the personal data processing entrustment agreements signed with these entities.

Adequately to the consents you have given, your personal data, may be transferred to our business partners.

In the case of transfer of your personal data to payment operators, in connection with the processing and settlement of payments made by you over the Internet using payment instruments, the provision of data is required in order to process the payment and to transmit the confirmation of its execution by the said operators to us.
 

For what purpose do we process your personal data and what is the legal basis for processing your personal data?

 

Legal basis for processing	Purpose of personal data processing
Article 6(1)(a) of the RODO, i.e. consent of the data subject	- to respond to inquiries directed to us via email or to contact you in any other way you prefer; - to send newsletters and carry out other marketing activities beyond the legitimate interest of the administrator, including customizing the best offers of our services or the services of our partners for you or promoting them on social networks operated by us;
Article 6(1)(b) of the RODO, i.e. the necessity to perform a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract	- to effectively enter into and perform contracts relating to the services provided to you (for example, to process sales or to maintain your user account with us); - in order to effectively fulfill the obligations arising from the handling of the complaint process;
Article 6(1)(c) of the DPA, i.e. the necessity to fulfill a legal obligation of the controller	- to comply with legal obligations, in particular regarding accounting and tax obligations arising in connection with the sale;
Article 6(1)(f) of the RODO, i.e. necessity within the scope of the purposes deriving from the legitimate interests pursued by the controller or by a third party	- to confirm the performance of our duties, to be able to successfully assert or defend against claims against us, to detect fraud or attempt to prevent it; - to perform activities for marketing purposes adequate to our legitimate interest, including matching the best offer or promoting our products and services on social networks operated by us.

 

How long will we process your personal data?

 

We will process the personal data provided by you for the period:

1. necessary for the performance of the contract concluded in the framework of the services we provide, the performance of our obligations during their duration,

2. for a period of 5 years, starting from the first day of the year following the year in which the business relationship with the customer was terminated or in which occasional transactions were carried out in order to fulfill a legal obligation, assert or defend against claims,

3. until you withdraw your consent or raise an objection in case we perform activities for marketing purposes, based on your separately expressed consents or as part of processing on the basis of our legitimate interest.

 

What rights you have in connection with our processing of your personal data

 

What rights do you have under the provisions of the RODO?

 

Right of access to data:

 

You have the right to request information about what personal data we hold at any time. To obtain this information, please contact us.
 

Right to portability:

 

If we process your personal data by automated means, based on the consent you have given us or the contract you have entered into, you have the right to receive a copy of your data in a structured, commonly used and readable format. This copy may be sent to you directly or to another entity designated by you and applies only to the personal data you have provided to us.

 

Right to correct data:

 

You have the right to request the correction of your personal data at any time if it is incorrect, as well as to complete incomplete data.  If you have an account with us, you can edit both your personal data and consents within your user account settings.
 

Right to delete data:

 

You have the right to delete the personal data we process at any time. Please note, however, that this right is not absolute and, as an administrator, we have the right to refuse to delete those of your data for which we have a basis for processing (e.g. in order to fulfill a legal obligation or to assert or defend against claims that may be brought against us).

 

Right to object to the processing of data on the basis of legitimate interest:

 

You have the right to object at any time to the processing of your personal data to the extent that we process such data based on the legitimate interest of the controller. We will then cease processing your personal data unless we can find a lawful justification for this process that overrides your interest or rights. You will, of course, be informed of this.
 

Right not to consent to direct marketing:

 

You have the right not to consent to receiving direct marketing materials, including the compilation of an analysis of your profile that is prepared for the purpose of preparing such materials.

 

Right to restriction:

 

You have the right to request at any time to restrict the processing of your personal data under the following conditions:

- if you do not consent to the processing of your data on the basis of a legitimate interest of the controller, then we will restrict any processing of such data after verifying the existence of such legitimate interest.

- if you report that the personal data being processed is incorrect, then we will restrict any processing of such data until we verify its accuracy.

- if the processing is unlawful, then you may object to the erasure of your personal data and instead request that we restrict the use of your personal data.

- if we no longer need your personal data, but it is required to pursue or defend against claims.

 

Automated data processing

 

In order to carry out marketing activities, in some cases we will use profiling. This means that through the automated processing of your personal data, we evaluate selected factors about you, such as by analyzing how often our website is visited or which products are viewed most often. Analyzing your behavior on our website helps us understand your expectations and adapt to your needs and interests. Thanks to this form of processing, we can present you with advertising tailored to you, which is described in more detail in the cookie policy section.

 

How do you exercise your rights?

 

We take the protection of your privacy and the correctness of the processing of your personal data very seriously, so we have designated a team of employees who will respond exclusively to questions about the above issues. You can contact them:

- by sending an email to [email protected];

- by writing to the address of our headquarters: Lilou Online Shop Sp. z o. o. sp. k., 6 Józefa Lewartowskiego St., 00-190 Warsaw

- by contacting the Data Protection Officer, at e-mail address: [email protected]

If you believe that we are processing your personal data in an inappropriate manner, please contact us. You also, of course, have the right to file a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection.

 

Use of profiles on social networks - Facebook, Instagram, YouTube, Pinterest

We have public profiles on social networks Facebook, Instagram, YouTube, Pinterest. Accordingly, we process data that visitors to these profiles leave (including comments, likes, online IDs).

 

Your personal data is processed:

- in order to enable them to be active on the profiles;

- in order to run the profiles effectively, by presenting portal users with information about the Administrator's initiatives and other activities; and

- in connection with the promotion of various events, services and products;

- for statistical and analytical purposes;

alternatively, they may be processed for the purpose of asserting and defending against claims.

 

 

 

Cookies Policy
 

Cookies, or "cookies," are small pieces of computer data sent by a website you visit. These files are stored on the device on which the user browses the website. The files used by our website are used for the purpose of studying statistics on the popularity of our site. This helps us determine what elements we can improve on the site to make it more user-friendly.

 

Types of cookies used

(1) The cookies used by the Administrator are safe for the User Device.
In particular, by this means it is not possible for viruses or other unwanted software or malware to get into the Users' Devices. These cookies allow to identify the software used by the User and customize the Service individually for each User. Cookies usually contain the name of the domain from which they originate, the time they are stored on the Device and the assigned value.

(2) The Administrator uses two types of cookies:

3. session cookies: they are stored on the User's Device and remain there until the session of a given browser ends. The stored information is then permanently deleted from the Device's memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the User's Device.

4. permanent cookies: they are stored on the User's Device and remain there until they are deleted. Ending the session of a given browser or switching off the Device does not delete them from the User Device. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the User Device.

(5) The User has the option to restrict or disable access of cookies to his Device. If this option is used, the use of the Website will be possible, except for the functions that.

 

 

The purposes for which cookies are used

 

I. The administrator uses own cookies for the following purposes:
1. configuration of the Service, i.e:

  a) adapting the content of the Website pages to the User's preferences and optimizing the use of the Website pages,

  b) remembering the history of visited pages on the Site for content recommendation,

  c) font size, web page design.

2. authentication of the User on the Website and ensuring the User's session on the Website

  a) maintenance of the session of the User of the Website (after logging in), thanks to which the User does not have to re-enter his/her login and password on each sub-page of the Website;

  b) correct configuration of selected functions of the Website, enabling in particular verification of authenticity of a browser session;

  c) optimization and increase of efficiency of services provided by the Administrator.

3. execution of processes necessary for full functionality of the websites:

  a) adapting the content of the Website to the User's preferences and optimizing the use of the Website. In particular, these files allow for recognition of the basic parameters of the User's Device and appropriate display of the website, adapted to his/her individual needs;

  b) proper operation of the affiliate program, enabling in particular verification of the sources of redirection of Users to the Website.

4. analysis and research, as well as auditing the viewership of the Website.

 

II. The Service Administrator uses external cookies for the following purposes:

1. presentation of multimedia content on the Service's websites, which are downloaded from an external website: www.youtube.com (cookie administrator: Google Inc. based in the USA);

2. Collecting general and anonymous statistical data through analytical tools:

  (a) Google Analytics (administrator of cookies: Google Inc. based in the USA);

  (b) DoubleClick (administrator of cookies: Google Inc. based in the USA);

  (c) Hotjar (administrator of Hotjar Ltd according to the rules of https://www.hotjar.com/privacy/gdpr-compliance/).

3. use of interactive features to popularize the Service through social networks:

  (a) Instagram [cookie administrator: Facebook Inc. based in the USA or Facebook Ireland based in Ireland];

  (b) google.com [cookie administrator: Facebook Inc based in the USA or Facebook Ireland based in Ireland];

  (c) facebook.com [cookie administrator: Facebook Inc headquartered in the USA or Facebook Ireland headquartered in Ireland];

4. Using interactive functions to popularize the website using other wp.pl websites (administrator's cookies: https://holding.wp.pl/poufnosc)

5. Your personal data on our website may be processed by our technological and external sources, including, among others: Ringier Axel Springer Polska sp. zoo. based in Warsaw (02 – 672), ul. Domaniewska 49, registered in the national register of the Court Register kept by the District Court for the capital city of ul. Warsaw, XIII Commercial Division of the National Court Register under KRS number 0000420780, with share capital of PLN 106,000, NIP: 5272677009, REGON 146127300. Privacy policy of the above-mentioned. Containing information on the details of data processing and your rights, which are available at https://politykaprywatnosci.onet.pl/Your data is subject to a limited extent to the extent of your consent, among others: to ensure the safety and attractiveness of the presented advertising products and services or to settle settlements for the publication of these advertisements. Your data is processed using cookie technology and provided, and the link above provides information on how to check how to block and delete cookies. If you do not want the above-mentioned partner to process your data collected on our sites in order to ensure the accuracy and attractiveness of the advertisements of products and services presented to you - you can withdraw your consent by clicking here (at the bottom of the page you will find a link to the tool for making changes).

 

Possibilities to determine the conditions for storing or accessing cookies

 

(1) The User may independently and at any time change the settings for cookies, specifying the conditions for storing and accessing by cookies to the User's device. The User may change the settings referred to above through the settings of the Internet browser or through the configuration of the service. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the settings of the web browser or inform about each time cookies are placed on the User's device. Detailed information about the possibility and methods of handling cookies is available in the settings of your software (web browser).

(2) The User may at any time delete cookies using the available functions
in the web browser he uses.

(3) Restricting the use of cookies, may affect some functionalities available on the Website.

 

Types of cookies used

Cookies used by:	Usage
frontend	A cookie used by the Magento eCommerce platform. Used to store the session ID. Necessary for many functionalities.
_gat_UA-26388416-1	This is a pattern cookie set by Google Analytics, in which the pattern element in the name contains the unique identification number of the account or site to which it applies. It is a variation of the _gat cookie, which is used to limit the amount of data Google records on high-traffic sites.
frontend_cid	Session ID cookie for SSL (HTTPS) encrypted sites. This cookie exists in addition to the standard frontend cookie and is used in Magento stores with SSL encryption. Functions such as last viewed items or login status retention are associated with this cookie.
_website	Stores information about the website address. Associated with Magento 2 platform
_gcl_au	Used by Google AdSense to experiment with ad performance on sites using their services
_fbp	Used by Facebook to deliver a series of advertising products, such as real-time bidding from third-party advertisers.
_gid	It is set by Google Analytics. It stores and updates a unique value for each page visited and is used to count and track page views.
_ga	It is associated with Google Universal Analytics, which is a significant upgrade to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a customer ID. It is attached to every page request on the site and used to calculate visitor, session and campaign data for the site's analytics reports.
IDE	It is set by Doubleclick and provides information about the end-user's use of the site and the ads the end-user may have seen before entering the site.
ts	It is provided by the payment operator and is used for the payment service in the store.
_smvs	stores information about the number of visits / first visit to the site
smcfds	stores information about the forms displayed on the page
smvr	stores information on visits
cookielaw	bar regarding cookies / acceptance by the customer means that the bar will not appear in the future
_hjid	Related to analyzing the path of user behavior, building a heatmap - user clicks on the site.
smuuid	Tracks anonymous visits, assigned to each landing page
smclient	Assigned to monitored contact / contact card ID in salesmanago system
smevent	Assigned to monitored contact / transmitting event id regarding adding product to cart - deleted after purchase
smform	Responsible for popup and contact form / providing information about the number of visits and disabling the popup window
smg	Automatically added by Salesmanago script - passing random uuid about the user
quartic_cookie	Responsible for generating recommendation frames with proposed products
ccid	Unique user ID used by edrone system
e_dv_$(app_id)	Used for daily statistics of unique users in edrone system
fp_ccid	Unique user ID used as First Party in edrone system
fp_sid	Allows users or customers to be tracked in edrone for the duration of a single session until they close their browser
edrone_popup	Allows edrone to manage pop-ups, helps indicate how often a pop-up has been displayed or decides whether to display such a pop-up
edrone_push_widget	Used to manage the status of push notifications in edrone; acts like a snooze button, e.g. if the widget is running on auto on, it decides how long it should be off after clicking "Close"
push_action_type_$(url)	Used to cache subscription status for push notifications for edrone system
PHPSESSID	Session ID for edrone PHP application
c_id	This is a unique identifier generated by the edrone JS script. It is stored in local browser memory and passed in an event. If possible, we store the "c_id"-"email" mapping (acquired as an email field as a result of account registration, order placement or newsletter database registration) so that we can uniquely identify the customer based on "c_id" only in future events. This applies only to events originating from the browser.

 

Final Provisions

 

It may be necessary to update the Privacy Policy in the future. Its latest version will always be available on the website of our service.

In matters not covered by this Policy, the provisions of the Civil Code and relevant acts of Polish law, as well as the law of the European Union, in particular RODO (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC) shall apply.