Privacy policy

PROTECTING YOUR DATA IS IMPORTANT TO US!

Our company, RattaNeo, not only focuses on supplying the highest quality natural rattan furniture, but also values the protection of your personal data. We understand the importance of respecting your privacy and earning your trust in both data protection and the quality of our branded natural rattan furniture. We ensure that we provide clear and understandable information regarding the purpose of collecting your personal data, and whether and for how long we store it in our systems.

1. GENERAL INFORMATION

The purpose of this privacy policy is to inform you about how we process your personal data when you use our website and related services. This policy applies to all websites and services that refer to it.

1.1 PROCESSING OF PERSONAL DATA

Personal data (referred to as “data” for short) as defined in Article 4 of the EU General Data Protection Regulation (GDPR) refers to any information that relates to an identified or identifiable natural person, such as their name, residential address, email address, etc.

1.2 ADMINISTRATOR

The entity responsible for processing personal data, as defined in Article 4(7) of the GDPR, is RattaNeo Sp. z o.o., located at 8 Wojska Polskiego Street, 41-208 Sosnowiec, with a tax identification number (NIP) of PL6443554338.

1.3 RIGHTS OF THE DATA SUBJECT

As a data subject of the processed data, you have the following rights with respect to your personal data under applicable legislation:

Right to access the data

Right to rectification and erasure of the data

Right to restrict data processing

Right to data portability

Right to object

Additionally, you have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data.

In considering your requests related to the above rights, we may ask you to provide proof of your identity. For more information on how your personal data is processed, please refer to section 3.1.

1.3 RECIPIENTS (GENERAL INFORMATION)

In addition to the recipients listed in the paragraphs on recipients in the individual chapters below, we may transfer the collected data to the relevant internal departments for processing, as well as to other affiliated entities or external service providers or contract processors in accordance with the specific purpose of the processing. The data may also be transferred to the following recipients:

Personal data may be accessed by third country (non-European Economic Area) platform/hosting service providers. To provide appropriate legal safeguards for the data, standard contractual clauses provided for in Article 46 of the GDPR have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Analytics providers from a third country (outside the European Economic Area) may have access to personal data. To provide appropriate legal safeguards for the data, standard contractual clauses provided for in Article 46 of the GDPR have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

IT support service providers from a third country (outside the European Economic Area) may have access to personal data. To provide appropriate legal safeguards for the data, standard contractual clauses provided for in Article 46 of the GDPR have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

State authorities: We reserve the right to disclose information concerning you in the event of a legal obligation if we are obliged to pass it on to the competent authorities or law enforcement authorities in light of Article 6(1)(c) of the GDPR (legal obligation).

For further information, please refer to the paragraphs on recipients in the individual chapters.

2. COLLECTION AND PROCESSING OF PERSONAL DATA WHEN VISITING OUR WEBSITE

We collect personal data when you visit and use our website. In this chapter, you will find more information about the processes and tools specific to the website, including external partners. For more information on processes that may also take place outside of networked systems, please refer to Chapter 3.

2.1 HOSTING

Purpose/Information:

When you visit and use our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect personal data that your browser transmits to our server, which is technically necessary to display our website and ensure its stability and security.

Recipients:

Third-country (non-European Economic Area) platform/hosting service providers will have access to your personal data. We have concluded standard contractual clauses provided for in Article 46 of the GDPR with these entities, as an appropriate legal safeguard for the data. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Personal data will be accessed by IT support service providers from a third country (outside the European Economic Area). We have concluded standard contractual clauses provided for in Article 46 of the GDPR with these entities, as an appropriate legal safeguard for the data. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.3 on general recipients.

Deletion:

Log files are deleted after 7 days.

Legal basis:

Article 6(1)(f) of the GDPR (legitimate interest of the controller)

2.2 LOGGING FUNCTIONS

This website may provide the various login functions described below.

2.2.1 CENTRALISED LOGIN PROFILE

Purpose / Information:

This website may provide you with a centralised login profile if this function is activated on the website. It requires separate consent during the registration process. During registration, RattaNeo Ltd. provides you with the opportunity to create an account with a password (login profile). This login profile will be created in the brand’s centralised login profile database and will verify that you are the rightful owner of the account and/or e-mail address. The login database is essentially only connected to the service to which you register and only handles the verification part of the login profile.

Administrator:

RattaNeo Sp. z o.o. 8 Wojska Polskiego St., 41-208 Sosnowiec NIP: PL6443554338 is responsible for the centralised profile.

Contact details: office@rattaneo.com

Recipients:

Provider of the platform / hosting services. Data transfer to third countries is possible. As an appropriate legal safeguard for the data, standard contractual clauses as provided for in Article 46 RODO have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.3 on general recipients.

Deletion / Withdrawal of consent:

Your login profile will be automatically deleted when you delete your local account for the brand on the website where you have registered, unless this conflicts with legal retention obligations or the statute of limitations. In the event that you are registered with a particular login profile on more than one local account for a particular brand, your login profile will be deleted once all local accounts for that brand have been deleted. The automatic deletion of local accounts for a given brand usually occurs after 24 months of inactivity.

Legal basis:

Article 6(1)(a) RODO (consent; centralised login profile)If you have created a given login profile without registering a local account for a brand, it will be automatically deleted within one day.

2.3 EVALUATIONS AND REVIEWS

Purpose / Information:

Users may be able to provide ratings and reviews of products, processes or other assessments within the capacity of the website in accordance with the terms of use. Accordingly, we collect the data you provide to us when you submit content that constitutes ratings and reviews.

Our legitimate interest is that you are able to express your free product reviews and that these reviews may appear on third-party websites anonymously (pseudonymised).Where this website requires your explicit consent to provide sensitive data, we will also process sensitive information (e.g. photos or content constituting descriptions) about your health or data revealing your racial or ethnic origin, especially in the case of reviews of skin care products.

We use the data you provide to publish and save your review and rating on our website in accordance with our terms of use. Your review will be published under your pseudonym. The review may be checked before publication. We reserve the right to remove comments if they are deemed unlawful by third parties. Please see our terms of use for more information.

We also use the data you provide as part of our legitimate interest to ensure that your rating is not issued based on fraud, automated or robotic programmes. Therefore, it is possible that you will receive an email asking you to verify your email address, unless you have logged in with a user account.

– Platform provider / hosting services.

– Consumer service providers

– Fraud prevention provider (for publication on a third party website).

Data transfer to third countries is possible. As an appropriate legal safeguard for the data, standard contractual clauses provided for in Article 46 of the RODO have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.3 on general recipients.

Deletion / Objection:

Users’ personal data will be deleted or anonymised after deletion of the user’s account or upon receipt of a corresponding request. Personal data of users who have only received a verification email or do not have a user account will be deleted or anonymised after a corresponding deletion request. Published reviews will normally remain visible under the published nickname/pseudonym unless you separately request their removal.

Legal basis:

Art. 6(1)(a) RODO in conjunction with Art. 9(2)(a) RODO (consent)

Article 6(1)(f) RODO (legitimate interest of the controller)

2.4 COOKIES/TOOLS

This website uses cookies or other technologies/tools, such as pixels, local storage, tags, identifiers, or external services (hereinafter “Cookies/Tools”), which are used when you visit and use our website. Cookies are small text files that are stored by your browser on your device to store certain information or image files, such as pixels. The next time you visit our website on the same device, the information stored in the cookies will be sent to our website (“First-Party Cookie”) or to another website to which the cookie belongs (“Third-Party Cookie”).

Thanks to the information stored and returned, the website can recognize that you have already visited and accessed it through the browser used on your device. We use this information to design and display the website optimally according to your preferences. Therefore, only the cookie itself is identified on your device. Outside the above scope, personal data will only be stored with your express consent or if it is absolutely necessary for the appropriate use of the services offered and made available to you.

This website uses the following types of cookies/tools, the scope and functions of which are explained below:

Type A: Technical measurement/analysis of recipients – to ensure that the requested service can be provided; includes basic analytical functions. (Consent is not necessary according to Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector).

Type B: Functional and performance – additional tools to measure the performance/attractiveness of our website and to provide further additional (personalized) functionality.

Type C: Marketing – tools to create marketing profiles based on user behavior.

For more information, please see the description of the tools implemented on our websites in this privacy policy. If this website uses a consent management platform, you can find additional information there.

Please note that the tools listed in the following section may not be in use all the time.

2.4.1 GOOGLE ANALYTICS

Purpose / Information:

This website uses Google Analytics, a web analytics service from Google Ireland Ltd. (“Google”). The configuration of the Google Analytics tool has been changed by us in order to perform a purely measurement function, unless separate consent has been given for further advertising functions.

The Google Analytics tool uses a specific form of cookie that is stored on your computer to analyse your use of our website. The cookies used by the Google Analytics tool for measurement purposes are first-party cookies, which means that the values of these cookies for data subjects will be different for each customer (i.e. there is no single Google Analytics tool cookie identifier that is used across all sites using the Google Analytics tool). The information about your use of this website generated by the cookie is generally transferred to a Google server in the USA and stored there.

Please note that the Google Analytics tool has been extended on this website with the code “gat._anonymizeIp();” in order to ensure anonymous recording of IP addresses (so-called IP masking). Due to the anonymisation of the IP address on this website, your IP address is truncated by Google within the EU and countries belonging to the European Economic Area. The full IP address is sent to a Google server in the USA and shortened there only in exceptional cases.

Google uses this information on our behalf to analyse your use of this website in order to compile reports on website activity and to provide additional services relating to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistical data obtained to improve our offerings and make them more interesting for you. In addition, we obtain information about the functionality of our website (e.g. to detect problems with navigating the website).

By setting up the Google Analytics tool, we have ensured that Google receives this data as a processor and therefore cannot use it for its own purposes. The configuration of the “Google Analytics Advertising Features” tool is independent of the above and is described in the relevant section below, provided that it is also used on this website.

Cookies/tools: Type A. For more information, please see the “Cookies/Tools” section.

Recipients:

Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics Terms of Service: https://www.google.com/analytics/terms/gb.html, General discussion of Google Analytics security and privacy policies: https://support.google.com/analytics/answer/6004245?hl=en, and Google’s privacy policy: https://policies.google.com/privacy?hl=en.

The transfer of data to third countries is possible. As an appropriate legal safeguard for the data, standard contractual clauses provided for in Article 46 of the DPA have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion / withdrawal of consent:

This tool can be deactivated using the cookie settings available here.

Period of validity of cookies: up to 12 months (applies only to cookies created by this website)

Maximum data retention period: up to 26 months.

Legal basis:

Article 6(1)(a) RODO (consent)

2.4.2 TESTS A/B

Purpose/Information:

This website conducts analyses of user behavior using A/B tests. Depending on your profile classification, we may present our websites with slightly different content, enabling us to analyze and improve our services and make them more appealing to you.

Cookies are stored on your computer to facilitate these analyses. The information collected is stored exclusively on an EU-based server. You can prevent the storage of cookies by configuring your internet browser settings accordingly.

IP addresses are processed in a truncated form prior to analysis to avoid direct personal identification. The IP address transmitted by your browser is not merged with any other data we collect.

Cookies/Tools: Type A. For more details, see the “Cookies/Tools” section.

Recipients:

Data is shared with our analytics providers based in the EU.

Deletion/Opt-out:

You can deactivate this tool by adjusting the cookie settings available here.

Cookie validity period: up to 2 years (applies only to cookies created by this website).

Maximum data retention period: up to 25 months. You can also deactivate this tool in the cookie settings.

Legal basis:

Article 6(1)(a) of the GDPR (consent).

2.4.3 GOOGLE ADS (FORMERLY GOOGLE ADWORDS)

PURPOSE / INFORMATION:

Google Ads Conversion

We use Google Ads to advertise our attractive offers on external websites. We use advertising campaign data to determine the effectiveness of individual advertising activities. Our goal is to display ads that are relevant to you and to obtain a fair calculation of advertising costs.

The ads are delivered by Google via “ad servers”. We use ad server cookies to measure the effectiveness of advertising activities such as ad display or user clicks. If you visit our website through Google Ads, a cookie is saved on your device. This cookie usually stores the unique cookie identifier, the frequency of ad display in a particular location, the last display (relevant for conversion after viewing), and opt-out information indicating that you do not want to receive ads in the future.

These cookies allow Google to recognize your web browser. If you visit certain sites of an Ads client and the cookie stored on your device has not expired, Google and the client can recognize that you have clicked on an advertisement and have been redirected to the site in question. Each Ads customer is assigned a different cookie. It is not possible to track cookies on the websites of Ads service clients. We do not collect or process any personal data as part of the aforementioned advertising activities. We only receive statistical evaluations from Google, which help us determine which advertising measures are particularly effective. We cannot identify users’ identities from this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the extent and further use of the data collected by Google as a result of the use of this tool. We provide the following information to the best of our knowledge: By implementing conversions within the Ads service, Google receives information that you have used a certain part of our website offer or have clicked on information relating to us. If you are registered with Google, Google can link your visit to your account. Even if you are not registered with Google or have not logged in, your IP address may be obtained and stored by ISPs.

Remarketing in Google Ads

We use the remarketing function within the Google Ads service. The remarketing function enables us to present users of our website with advertisements based on their interests on other sites in the Google advertising network (on Google’s search engine or on YouTube, so-called “Google Ads”, or on other sites). This is done by analysing user interactions on our website, e.g. what offers users were interested in, in order to be able to display targeted advertisements to users even after they have visited our website on other sites. For this purpose, Google saves cookies in the browsers of users who visit certain Google services or sites in the Google advertising network. This cookie is used to record the visits of these users. This number is used to uniquely identify the browser on a particular device.

Cookies/tools: Type C. For more information, see “Cookies/tools”.

Recipients:

The main service provider is Google Ireland Ltd, located at Gordon House, Barrow Street, Dublin 4, Ireland.

It is possible that data may be transferred to third countries. To ensure appropriate legal safeguards for the data, standard contractual clauses provided for in Article 46 of the GDPR have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion / withdrawal of consent:

This tool can be deactivated using the cookie settings available here.

Cookie validity: up to 180 days (this applies only to cookies created by this website).

Legal basis:

Article 6(1)(a) GDPR (consent)

2.4.4 GOOGLE ANALYTICS ADVERTISING FUNCTIONS

This website uses enhanced functions of Google Analytics, in addition to the standard functions, which include Google Analytics advertising functions such as reporting of impressions in Google’s advertising network, demographic and interest data reporting in Google Analytics, recipients for remarketing based on specific behaviors, demographics and interests, and sharing these lists with Google Ads. We also use integrated services that require data collection by Google Analytics for advertising purposes, including data collection via advertising cookies and identifiers, in order to optimize our website. As a result, we use first-party cookies such as Google Analytics cookies and advertising cookies and identifiers from Google.

Cookies/tools: Type C. For more information, please see the “Cookies/tools” section.

Recipients:

Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Data transfer to third countries is possible. To ensure the appropriate legal safeguard for data, standard contractual clauses as provided for in Article 46 of the DPA have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please refer to the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion/withdrawal of consent:

This tool can be deactivated using the cookie settings available here.

Period of validity of cookies: up to 12 months (applies only to cookies created by this website)

Legal basis:

Article 6(1)(a) of the GDPR (consent)

2.4.5 GOOGLE CAMPAIGN MANAGER

Purpose/Information:

This website uses an online marketing tool, the Google Campaign Manager, which utilizes cookies to display suitable ads to users, enhance campaign performance reports, and prevent repeated ad views. Google utilizes cookie identifiers to track ads displayed in browsers and prevent them from being shown more than once. Additionally, the Campaign Manager can gather conversion data on ad requests using cookie IDs. For instance, when a user views an ad served by the Campaign Manager and then proceeds to make a purchase on the advertiser’s website using the same browser.

When you visit our website, your browser establishes a direct connection to the Google server. We have no control over the extent and further use of data collected by Google using this tool. Therefore, we provide you with the following information to the best of our knowledge: By using the Campaign Manager tool, Google receives information that you accessed a specific section of our website or clicked on an ad from us. If you have a Google account, Google can associate your visit with your account. Even if you don’t have a Google account or haven’t logged in, your IP address may still be obtained and stored by internet service providers.

Additionally, cookies associated with Campaign Manager, such as DoubleClick or Floodlight, enable us to determine whether you perform a particular action on our website(s) after viewing one of our window/video ads on Google or other platforms via Campaign Manager or after clicking on such an ad (conversion tracking). The Campaign Manager employs this cookie to determine the content with which you interacted on our website(s) and then target customized ads to you.

Cookies used: Type C. For more information, please refer to the ‘Cookies/Tools’ section.

Recipients:

Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

It is possible that data may be transferred to third countries. As an appropriate legal safeguard for the data, standard contractual clauses provided for in Article 46 of the DPA have been concluded with these entities. For third countries or companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion/Withdrawal of Consent:

You can deactivate this tool using the cookie settings available here.

Cookie validity period: up to 180 days from the last interaction (this only applies to cookies created by this website)

Legal basis:

Article 6(1)(a) of the GDPR (consent)

2.4.6 (WEBSITE) FACEBOOK CUSTOM AUDIENCES / CONVERSION (“FACEBOOK PIXEL”)

Purpose/Information:

The website uses the “Facebook Pixel” and Conversions API of the social network “Facebook” by Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the following purposes:

Facebook (website) Custom Audiences

We use the Facebook Pixel service and Conversions API for remarketing purposes, with the aim of contacting you again within 180 days. This enables us to show advertisements to website users based on their interests (“Facebook Ads”) when they visit the social network “Facebook” or other websites that also use this tool. We use this service to display ads that are of interest to you in order to make our website or offers more appealing to you.

Conversion via Facebook

We also use the Facebook Pixel service and Conversions API to ensure that our Facebook Ads match your potential interest and are not bothersome. By using the Facebook Pixel service, we can track the effectiveness of Facebook Ads for statistical and market research purposes by checking whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

When you consent to the use of cookies requiring your consent, your browser automatically establishes a direct connection to the Facebook server thanks to the marketing tools used (Facebook Pixel and Conversions API). Facebook receives information that you have visited our website or clicked on our advertisement through the integration of the Facebook Pixel service and the use of the Conversions API. If you are registered with Facebook, Facebook can attribute the visit to your account.

Facebook processes this data in accordance with its data processing policy. Specific information and details about the Facebook Pixel service, the Conversions API, and its functions can also be found in the Facebook help area.

Cookies/tools: Type C. For more information, please see the “Cookies/Tools” section.

Recipients:

Co-management of personal data:

We share responsibility with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta), for the collection and transfer of data for the following purposes:

Creating personalized or relevant advertising and optimizing it.

Delivery of commercial and transaction-related messages (e.g., via Messenger).

However, the following processes are not included in the co-administration:

Meta is solely responsible for the process that takes place after data collection and transmission.

The preparation of reports and analyses in aggregated and anonymized form is carried out as a processor and, therefore, falls under our responsibility.

We have a co-administration agreement with Meta, which outlines our respective obligations under the DPA regarding co-management. The agreement can be accessed here: https://www.facebook.com/legal/controller_addendum.

Meta’s data controller and data protection officer’s contact details can be found here: https://www.facebook.com/about/privacy. We have agreed that Meta may be used as a contact for the purpose of exercising data subjects’ rights (see section 1.3). However, the legal jurisdiction over the rights of data subjects is not limited.

For more information on how Meta processes personal data, including its legal basis and further information on data subjects’ rights, please visit the following link: https://www.facebook.com/about/privacy. Data is transferred under the legitimate interest of the controller in accordance with Article 6(1)(f) of the RODO.

You can find information on data security conditions here: https://www.facebook.com/legal/terms/data_security_terms and on data processing based on standard contractual clauses here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Further recipients are listed in section 1.4 on general recipients.

Deletion/withdrawal of consent:

This tool can be deactivated through the cookie settings available here and, for logged-in users, at https://www.facebook.com/settings/?tab=ads#.

Cookie validity: Up to 180 days after the last interaction (this only applies to cookies created by this website).

Legal basis:

Article 6(1)(a) RODO (consent).

2.4.7 PINTEREST PIXEL

Purpose / Information:

This website uses the “Pixel” tool of the social network Pinterest for remarketing purposes, with the aim of targeting you or other sites also using this method with specific messages.

Thanks to the marketing tools used, your browser automatically establishes a direct connection to the Pinterest server as soon as you agree to the use of cookies requiring your consent. Through the implementation of the Pinterest Pixel, Pinterest receives information that you have accessed the relevant page of our website or clicked on our advertisement. If you are registered on Pinterest, Pinterest can attribute the visit to your account.

In addition to your IP address and marketing ID, Pinterest also receives information about the device used, the website visited, and the time, and can assign this data to your Pinterest account. Pinterest processes this data under its own responsibility. We have no influence over the collection and further processing of data by Pinterest.

Cookies/tools: Type C. For more information, please see the “Cookies/tools” section.

Recipients:

Main service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland.

Data may be transferred to third countries. To ensure appropriate legal safeguards for the data, standard contractual clauses provided for in Article 46 of the GDPR have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are listed in section 1.4 on general recipients.

Deletion/withdrawal of consent:

This tool can be deactivated using the cookie settings available here.

Cookie validity: up to 180 days from the last interaction (only applicable to cookies created through this website).

Legal basis:

Article 6(1)(a) GDPR (consent)

2.4.8 SOCIAL PLUG-INS

Purpose / Information:

Our websites use social plugins (also known as “plugins”) from social networks such as Facebook, Twitter, and Pinterest. These plugins include the “Share” or “Share with friends” button from Facebook, whose website facebook.com is operated by Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland. The plugins are typically marked with the Facebook logo.

In addition to Facebook, we also use Twitter plugins (Provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103) and Pinterest plugins (Provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland).

In accordance with data protection regulations, we have deliberately avoided using direct social network plugins on our websites. Instead, we use the “Shariff” solution. This allows us to decide when and if data is transmitted to the social network operator. When you visit our website, no data is automatically transmitted to social networks such as Facebook, Twitter, or Pinterest. Data is only transmitted to these networks when you voluntarily click on the corresponding social network button. In this case, your internet browser establishes a connection to the servers of the respective social network. By clicking the button, you agree to your browser establishing a link to the servers of the social network and transferring your usage data to the social network operator and vice versa. We have no control over the nature and extent of the data subsequently collected by the social networks.

The social network operators store the data they collect about you as user profiles and use them for advertising purposes, market research, and/or demand-based website design. This evaluation takes place, in particular, to present demand-based advertising and inform other users of the social network about your activities on our website (even if you are not logged in). You have the right to object to the creation of such profiles, and to exercise this right, you must contact the relevant plugin providers. Through the use of plugins, we offer you the opportunity to interact with social networks and other users, which allows us to improve our offerings and make them more interesting for you.

Recipients:

Main service providers:

Meta Platforms Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA

Pinterest Inc, 808 Brannan Street San Francisco, CA 94103, USA.

Data transfer to third countries is possible. As a legal safeguard for the data, standard contractual clauses provided for in Article 46 of the GDPR have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion:

The responsibility for the deletion of data lies with the main service providers.

Legal basis:

Art. 6(1)(a) GDPR (consent)

2.4.9 YOUTUBE VIDEOS

Purpose / Information:

We have embedded YouTube videos on our website, which are hosted on http://www.YouTube.com and can be played directly from our website. All of these features are covered by “extended data protection mode”, which means that no data about you as a user is transferred to YouTube unless you click on the video to start playing it. Only during the playback of the videos, the data referred to in the following paragraph will be transferred to YouTube. We have no control over this data transfer.

When you play the videos, YouTube is informed that you have accessed the relevant subpage of our website and may place further marketing tools on this page. If you are logged into Google, your information will be directly linked to your account.

Cookies/Tools: Type C. For more information, please see our “Cookies/Tools” page.

Recipients:

Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

It is possible that data may be transferred to third countries. As an appropriate legal safeguard for the data, standard contractual clauses provided for in Article 46 of the RODO have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion / withdrawal of consent:

Deletion of data is the responsibility of the main service providers.

This tool can be deactivated using the cookie settings available here.

Legal basis:

Article 6(1)(a) RODO (consent)

2.4.10 GOOGLE TAG MANAGER

Purpose / Information:

This website uses the Google tag manager. This service allows the management of website tags via an interface. Google tag manager implements only tags. This means that no cookies are used and no personal data is stored. Google Tag Manager runs other tags, which in turn collect data as required. However, Google Tag Manager does not have access to this data. If deactivation has been done at the domain or cookie level, it remains valid for all tracking tags if they are implemented via the Google Tag Manager function.

Cookies/tools: Type A. For more information, see ‘Cookies/tools’.

Recipients:

Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

Data transfer to third countries is possible. As an appropriate legal safeguard for the data, standard contractual clauses provided for in Article 46 of the GDPR have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion:

Google Tag Manager does not store any personal data.

Legal basis:

Art. 6(1)(f) GDPR (legitimate interest of the controller)

2.4.11 HOTJAR

Information / Purpose:

We use the Hotjar service to gain a better understanding of our users’ needs and to optimize their experience on our website. Hotjar is a technology service that helps us to improve our services by providing us with information about our users’ experience, such as how much time they spend on particular pages, what links they click on, and what they like and dislike. Hotjar uses cookies and other technologies to collect data about user behavior and devices, including your device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and preferred language used to view our website. Hotjar recordings may not include your personal information, such as account login details or payment details, as text transmissions are not stored.

Hotjar stores this information on our behalf in your pseudonymized profile. The service uses cookies to recreate your session, and Hotjar is contractually prohibited from selling data collected on our behalf.

Cookies/tools: Type B. For more information, please see “Cookies/tools”.

Recipients:

Main service provider: Hotjar Ltd, Malta

Further recipients are indicated in section 1.4 on general recipients.

Deletion / Withdrawal of consent:

We temporarily store the IP addresses of visitors to our Website in order to obtain performance data (i.e. data related to the operation of our Software on the Website) and to monitor and track application errors. We never access these IP addresses unless it is necessary for operational or security reasons. Such IP addresses are automatically deleted within thirty (30) calendar days.

Hotjar records are deleted after each session.

This tool can be deactivated using the cookie settings available here.

Cookie validity: up to 365 days from the last interaction (this only applies to cookies created by this website)

Legal basis:

Article 6(1)(a) RODO (consent)

2.4.12 GOOGLE RECAPTCHA

Purpose / Information:

This website uses the Google reCAPTCHA v2 tool in certain cases to avoid the use of text fields by automated / robotic programs. This helps to ensure the security of our website and to avoid unwanted messages on the part of its users. This also constitutes our legitimate interest and fulfils our legal obligation.

The data collected is hardware and software information, such as device and application data and integrity check results. This data will be sent to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This data will not be used by Google to display personalised advertising.

Please see their privacy policy for more information: https://policies.google.com/privacy. Further documentation can be found here: https://developers.google.com/recaptcha/https://www.google.com/recaptcha/admin/create

Cookies/Tools: Type A. For more information, please see “Cookies/tools”.

Recipients:

Main service provider: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

It is possible that data may be transferred to third countries. As an appropriate legal safeguard for the data, standard contractual clauses provided for in Article 46 of the GDPR have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. For more information, please see the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion:

Period of validity of cookies: up to 24 months (this applies only to cookies created by this website)

Legal basis:

Art. 6(1)(c) GDPR (where processing is necessary for compliance with a legal obligation)

Article 6(1)(f) GDPR (where processing is in accordance with the legitimate interest of the controller as described above)

2.4.13 FRIENDLY CAPTCHA

Purpose / Information:

This website uses the Friendly Captcha tool in certain cases to avoid the use of text fields by automated / robotic programs. This helps to keep our site secure and avoid unwanted messages on the part of its users. This also constitutes our legitimate interest and fulfils our legal obligation.

For more information: https://friendlycaptcha.com/legal/privacy-end-users/

Cookies/tools: Type A. For more information, please see “Cookies/tools”.

Recipients:

Main service provider: Friendly Captcha GmbH, Germany.

Further recipients are indicated in section 1.4 on general recipients.

Deletion / withdrawal of consent:

The IP address is immediately anonymised after data collection.

Legal basis:

Art. 6(1)(c) RODO (when processing is necessary for the fulfilment of a legal obligation)

Article 6(1)(f) RODO (where processing is in accordance with the legitimate interest of the controller described above)

2.4.13 PIXEL TIKTOK

Purpose / Information:

This website uses the TikTok pixel from the TikTok social network (for the EU: TikTok Technology Limited, with registered office at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, with registered office at 6th Floor, One London Wall, London, EC2Y 5EB, UK) to enable us to reconnect with users of our website when they visit the TikTok social network.

When you agree to the use of cookies requiring consent, the TikTok pixel establishes a direct connection between your browser and the TikTok servers. The pixel receives information about your visit to a specific page on our website or your click on one of our advertisements.

TikTok uses this information to display targeted and personalized advertising to its users, and to create user profiles based on their interests. The data collected is anonymous and invisible to RattaNeo, and is only used to measure the effectiveness of the advertisements.

TikTok also receives your IP address and other device information, such as your marketing ID, the device you use, the website you visit, and the time. TikTok uses this data to identify users of our website and link their activities to their TikTok user account.

TikTok is responsible for processing this data from the moment it is transmitted. We have no influence over their further processing by TikTok.

For more information on how TikTok collects, uses, and protects information collected via the TikTok pixel, please refer to the TikTok privacy policy.

Cookies/tools: Type C. For more information, please see “Cookies/tools”.

Lifetime of cookies: up to 180 days from the last interaction (this only applies to cookies set through this website).

Recipients:

TikTok Technology Limited, with registered office at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, with registered office at 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom

Joint responsibility:

We are jointly responsible with TikTok Technology Limited, based at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (TikTok) for the collection and transmission of data as part of this process. This applies to the following purposes:

Measurement and reporting of statistics

Shared processing is therefore not included in the processing related to the following purposes:

Identifying and improving the relevance of advertising to individuals

Optimisation of the delivery of advertisements by TikTok

Improving user security, research and development to maintain and improve the integrity of TikTok’s products and services.

We have entered into a corresponding shared responsibility agreement with TikTok, which can be found here:

https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.

It sets out the relevant obligations related to the fulfilment of the obligation under the RODO with regard to joint liability. The contact details of the responsible company and TikTok’s Data Protection Officer can be found here:

https://www.tiktok.com/about/contact?

https://www.tiktok.com/legal/report/DPO

We have agreed with TikTok that TikTok may be used as a point of contact for exercising the rights of the persons concerned. Notwithstanding this, the jurisdiction of the rights of the persons concerned is not restricted.

We transfer data as part of a shared responsibility on the basis of a legitimate interest pursuant to Article 6 (1) f RODO.

Data transfer to third countries is possible. So-called standard contractual clauses in accordance with Article 46 RODO are included as adequate safeguards. An adequacy decision also applies to third countries / companies for which an adequacy decision has been made. Further information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.

Other recipients are listed in paragraph 1.4 on general recipients.

Deletion of data / withdrawal of consent:

You can deactivate the tool via the cookie settings here.

Lifespan of cookies: up to 180 days from the last interaction (this only applies to cookies set via this website).

Legal basis:

Article 6 (1) a RODO (consent)

3. OTHER SERVICES OFFERED (ONLINE AND NON-ONLINE)

In addition to the online use of our website, we offer various other services that involve the offline processing of your personal data.

However, unlike in section 1.2, for some of these services, RattaNeo Sp. z o.o. acts as the data controller, as indicated in our communication with you. Therefore, if this privacy policy is referenced, for example, via a link, and the data controller has already been indicated, such as in the footer or signature of an email or campaign card, that entity shall be considered the data controller in accordance with Article 4 no. 7 of the GDPR.

3.1 CONTACT/COMMUNICATION/COOPERATION

Purpose / Information:

When communicating and/or cooperating with us, for example, via email or the contact form on our website, a data exchange platform, as a consumer, researcher, business partner or customer, we store and process the data you provide (your email address, name, and telephone number, or personal data provided during a conversation) to respond to your questions, requests or for business correspondence.

Regarding cooperation with our suppliers, we have implemented an internal evaluation process that aims to improve the business relationship by developing an “action plan” in our legitimate interest. Usually, we only process company information, but it is possible to draw conclusions about you as a contact if communications with suppliers are examined for response time, reliability, and transparency.

As a consumer, if you contact us by phone, we may ask if the phone call can be recorded to ensure quality of service and for training purposes. If you agree to the recording, we process all the information you share with us during the call, including the content of the communication, possibly sensitive (health-related) data, your telephone number, and other personal data.

Regarding the processing of data arising during communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal verification purposes, or as per the relevant communication request.

Recipients and sources:

To combat terrorism, we are legally obliged to compare the data we collect with sanctions lists. Therefore, we process your data to comply with legal requirements and verify if your name appears on such lists. Moreover, we process your data within the Beiersdorf Group to prevent and investigate crimes and other offenses, assess and control risks, communicate internally, and for relevant administrative purposes. If an affiliated company needs to work with you as a supplier, we may share our experiences of working with you.

As a business associate, we compare your data with published lists of rogue suppliers (such as World Intellectual Property Organization warning lists) to make informed decisions regarding possible payments. In some cases, such as when entering into contracts, we also check your creditworthiness regularly. Our legitimate interest is to minimize financial risks, so we cooperate with credit agencies to obtain necessary data. For this purpose, we provide your name and contact details to the credit agencies.

If you are a customer or business partner, we may need to share your personal data with potential buyers as part of a corporate transaction. Usually, anonymized data is processed during due diligence. However, in specific individual cases, the processing of personal data may be necessary. Our legitimate interest is to carry out a business transaction.

Additionally, we transfer data to the following recipients:

Customer/consumer service providers

Provider of platform/hosting services.

Data transfer to third countries is possible, and we have concluded standard contractual clauses with these entities as a legal safeguard for the data, as provided for in Article 46 of the GDPR. The Adequacy Decision also applies to third countries/companies covered by it. Moreover, binding corporate rules have been approved at the platform provider/hosting services. For further information, please visit https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are listed in section 1.4 on general recipients.

Deletion/Objection:

We delete data created in this context when it is no longer necessary, unless statutory retention obligations or limitation periods must be complied with.

For consumer enquiries via our internal consumer management tool, personal data is normally deleted after one year, unless other legal retention periods apply. Exceptionally, data may be kept longer if necessary for the establishment, exercise, or defense of legal claims.

Call recordings are stored for a maximum of 90 days.

You may object to these processes in accordance with the requirements set out in section 4.

Legal basis:

Article 6(1)(a) of the GDPR in conjunction with Article 9(2)(a) of the GDPR (consent to the recording of telephone calls)

Article 6(1)(b) of the GDPR (where the processing is carried out in the context of a contract or is necessary for the performance of the contract)

Article 6(1)(c) of the GDPR (where processing is necessary for compliance with a legal obligation)

Article 6(1)(f) of the GDPR (where processing is in accordance with the legitimate interest of the controller described above)

3.2 NEWSLETTER

Purpose / Information:

The newsletter contains news, offers, and additional information on selected brands of RattaNeo Ltd. By subscribing to the newsletter, you will receive, based on your consent given in each individual case, personalized information about products, services, or offers to participate in promotions such as competitions or product tests via email.

When you subscribe to the newsletter, you will receive a newsletter tailored to your needs (if the newsletter is “personalized,” “individualized,” or “tailored”). We evaluate your purchase and click behavior on our websites or newsletter to compile information that is relevant to you.

If this website offers a loyalty program, the newsletter is a part of the loyalty program.

Recipients:

Platform providers/hosting services

Consumer service providers

External newsletter service providers

Data transfers to third countries are possible. To safeguard the data, standard contractual clauses provided for in Article 46 of the GDPR have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. In addition, binding corporate rules have been approved for platform providers/hosting services. Further information can be found at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion/Withdrawal of consent:

The collected data is automatically deleted after 24 months at the latest if recipients do not respond to the newsletter anymore, e.g. if they do not open it (inactivity). You can unsubscribe from the newsletter at any time by clicking on the link included in each newsletter, after which you will be guided through the unsubscribe process or by sending us an email to unsubscribe.

If your profile has not been verified through the so-called double opt-in process, it will be deleted after 6 months at the latest.

Legal basis:

Article 6(1)(a) GDPR (consent).

3.3 CAMPAIGNS (E.G. SWEEPSTAKES, PRODUCT TESTS)

Purpose / Information:

If you participate in sweepstakes or similar campaigns, the personal data you provide will be used to administer the campaign. For more information on the purposes of the processing, please refer to the relevant campaign regulations.

Recipients:

– Platform provider / hosting services.

– Consumer service providers

– Forwarding service provider (e.g. for sending samples, prices)

– External agencies supporting campaigns

Data transfer to third countries is possible. As an appropriate legal safeguard for the data, standard contractual clauses provided for in Article 46 RODO have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. In addition, binding corporate rules have been approved at the platform provider/hosting services. Further information can be found at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion:

Your data will be deleted once the campaign has been finalised (see terms of participation), insofar as this does not interfere with statutory data retention obligations or the statute of limitations.

Legal basis:

Article 6(1)(b) RODO (processing is necessary for the performance of the contract)

3.4 My RattaNeo LOYALYTY PROGRAMME

Purpose / Information:

The purpose of the Loyalty Programme is to provide a personalized experience for My RattaNeo members. Upon registering for the Loyalty Programme, whether online or offline, you will receive tailored and personalized material, such as a personal customer magazine or special offers, delivered via email, post, text message, or online advertising through our channels or external channels, such as social media platforms (e.g., Facebook). To achieve this, we use the contact information you provide (e.g., email address, postal address, telephone number) and any other contact information associated with your social media profile, which will be hashed (encrypted) when linked to social media providers.

To personalize your experience appropriately, i.e., at the right time, via the right channel, with the right content and personalized message, we link your data and enrich it with additional information, such as geolocation data and profile data from all contact points, including websites and social media.

We analyze your previous number of clicks, email openings, purchases, and activities on our and other websites/apps and social media sites (e.g., in the context of advertisements) or the newsletter to customize content for you. Based on this, we can determine if you are an active user or automatically delete your account in case of inactivity (as described below). We also use this data to contact you directly, taking into account the purchase transactions you have initiated or completed. Based on this data, we create a user profile to develop content that is appropriately personalized for you.

Lastly, we use your data to analyze and improve the effectiveness of our services. Your personal data will, therefore, be stored and used for market analysis and product-related information purposes. This includes information you provide in connection with promotions/campaigns.

Recipients:

We share the collected data with relevant internal departments for processing or with external service providers, contracted data processors (e.g., hosting providers, shipping services, processing providers) as required (for the dispatch of the magazine, product samples, advertising material, correspondence, etc.). Platform/hosting service providers will have access to personal data from third countries (countries outside the European Economic Area). To implement appropriate safeguards, we have agreed standard contractual provisions with such providers in accordance with Article 46 of the GDPR. For more information, please see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Deletion / Withdrawal of consent / Objection:

We will delete your data when you delete your account/profile, provided this does not conflict with statutory retention obligations or the statutory limitation period. To delete your data, please use the available delete function after logging into your account or email us to withdraw your consent to data processing. You also have the right to object to methods of direct contact in your account/profile, except for such method of contact. You can send us your request using the contact form. We will automatically delete your personal data after 24 months of inactivity at the latest. If your profile has not been verified in the so-called double opt-in process, we will delete it after 6 months at the latest.

Legal basis:

The processing of personal data is necessary for the performance of the contract according to Article 6(1)(b) of the GDPR for the administrative activities necessary to ensure the functioning of the registration system and to guarantee the registered user access to the functionalities set out in the terms and conditions. The processing of personal data for analytical operations to assess consumer needs and preferences for the purpose of direct marketing is based on the legal basis provided by Article 6(1)(a) of the GDPR. The processing of sensitive data is based on the legal basis provided by Article 9(2)(a) of the GDPR (consent to the processing of sensitive data).

3.5 POSTAL CONSIGNMENTS

Purpose / Information:

As a selected customer, business partner, tester, and/or consumer, you will receive individualized product information, offers, news, and product samples from us by post (letter). This is a special form of direct marketing that is also in our legitimate interest and aims to increase loyalty by providing the aforementioned individuals with exclusive information.

Recipients:

Platform provider/hosting service provider.

Communication service provider.

Forwarding service provider.

The transfer of data to third countries is possible. We have concluded standard contractual clauses with these entities as an appropriate legal safeguard for the data, in accordance with Article 46 of the GDPR. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. In addition, binding corporate rules have been approved with the platform provider/hosting services. Further information can be found at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion/Objection:

Your data will be deleted as soon as you unsubscribe, unless this conflicts with a legal retention obligation or the statute of limitations. You may unsubscribe or object to further mailings as indicated in the letter or in the objection section below. Furthermore, your personal data is deleted automatically after 24 months of inactivity at the latest (e.g., when you do not use the coupons sent to you).

Legal basis:

Our processing of your personal data is based on the legitimate interest of the controller under Article 6(1)(f) of the GDPR.

3.6 SURVEYS

Purpose / Information:

When you participate in surveys or similar campaigns, we process your personal data for the purpose described in your consent. The data collected includes questions related to the survey or campaign’s purpose, as well as additional socio-demographic information about you. You may choose to participate in a survey without providing your identity, unless it’s explicitly required in your consent.

For some surveys, it may be necessary to ensure that you cannot participate or renew the survey multiple times from a technical perspective. This can be achieved by using personalized links or cookies.

Cookies used: Type A. For more information, please refer to the “Cookies/Tools” section.

Recipients:

– Platform providers / hosting services

– Consumer management service provider

– External agencies handling surveys

Data transfer to third countries is possible. As adequate legal data protection, standard contractual clauses provided for in Article 46 of the RODO have been concluded with these entities. For third countries/companies covered by an Adequacy Decision, the Adequacy Decision also applies. In addition, binding corporate rules have been approved at the platform provider/hosting services. Further information can be found at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

Further recipients are indicated in section 1.4 on general recipients.

Deletion:

Your data will be deleted once the survey or similar campaign has been finalised (see terms and conditions of participation), insofar as this does not interfere with statutory data retention obligations or the statute of limitations. Normally, data are deleted after two years.

Cookie validity: up to 180 days (only applies to cookies created by this website).

Legal basis:

Art. 6(1)(a) RODO (consent)

OBJECTION OR WITHDRAWAL OF CONSENT TO THE PROCESSING OF PERSONAL DATA

If you have given your consent (Article 6(1)(a) of GDPR) to the processing of your data, you may withdraw it at any time. Such withdrawal of consent by you does not affect the lawfulness of the processing carried out before the withdrawal.

If the processing of your personal data is based on a balancing of interests (Article 6(1)(f) of GDPR), you may object to the processing. This applies if the processing is not necessary, in particular, for the performance of a contract with you, as described by us in the description of the functions/services. When raising such an objection, we ask you to explain the reasons why we should not process your personal data in the existing manner. In the event of a justified objection, we will consider the situation and either suspend or adjust the processing or indicate compelling grounds deserving protection on the basis of which we will continue the processing.

Of course, you may object at any time to the processing of your personal data for advertising and data analysis purposes. You can inform us of your objection under the above-mentioned contact details of the data controller.

Status of the data protection declaration: October 2022.

This privacy policy describes how we process information about you, including personal data and cookies.

General information

This policy applies to the website operating under the URL: RattaNeo.com.

The operator of the website and the administrator of personal data is RattaNeo Sp. z o.o. Wojska Polskiego 8, 41-208 Sosnowiec NIP: PL6443554338

The operator’s email contact address is office@rattaneo.com.

The operator is the controller of your personal data with regard to the data provided voluntarily on the website.

The website uses your personal data for the following purposes:

Running the newsletter

Running the comment system

Running an online forum

Conducting online chat

Handling inquiries via the form

Preparation, packaging, dispatch of goods

Fulfillment of ordered services

Debt collection

Presentation of offers or information

The service performs the functions of obtaining information about users and their behavior in the following ways:

Through the voluntary data entered in the forms, which are entered into the operator’s systems.

Through the storage of cookies (so-called “cookies”) on the end devices.

Selected data protection methods used by the operator

The login and entry points for personal data are protected in the transmission layer (SSL certificate). This ensures that personal and login data entered on the website is encrypted on the user’s computer and can only be read on the target server.

The personal data stored in the database are encrypted in such a way that only those holding the operator key can read them. This protects the data in case the database is stolen from the server.

User passwords are stored in hashed form. The hashing function works in a one-way fashion – it is not possible to reverse it, which is the current modern standard for storing user passwords.

The operator periodically changes its administrative passwords.

In order to protect the data, the operator regularly makes security backups.

An important element of data protection is the regular updating of all software used by the operator to process personal data, which in particular means regular updates of software components.

Hosting

The website is hosted (technically maintained) on the servers of the operator: OVH.

Your Rights and Additional Information on the Use of Your Data

In certain situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary for the performance of the contract concluded with you or for fulfilling obligations incumbent on the Administrator. This applies to the following groups of recipients:

Couriers

Postal operators

Insurers

Law firms and debt collectors

Banks

Payment operators

Public authorities

Comment system operators

Online chat solution providers

Authorized employees and associates who use the data to fulfill the purpose of the website

Companies that provide marketing services to the Administrator

Your personal data will be processed by the Administrator for no longer than it is necessary to perform the related activities defined by separate regulations (e.g., on accounting). With regard to marketing data, data will not be processed for longer than 3 years.

You have the right to request from the Controller:

Access to personal data concerning you

Rectification of your personal data

Erasure of your personal data

Restriction of processing of your personal data

Data portability

You have the right to object, within the scope of the processing indicated in 3.3 c), to the processing of your personal data for the purpose of carrying out the legitimate interests pursued by the Administrator, including profiling, with the right to object not being exercisable if there are valid legitimate grounds for the processing overriding your interests, rights, and freedoms, in particular, the establishment, assertion, or defense of claims.

You may complain about the Administrator’s actions to the President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw.

The provision of personal data is voluntary but necessary to operate the Service.

Automated decision-making, including profiling for the purpose of providing services under the contract concluded and for the purpose of direct marketing by the Administrator, may be undertaken concerning you.

Personal data is not transferred from third countries within the meaning of data protection legislation. This means that we do not send them outside the European Union.

Information in Forms

The Service collects information voluntarily provided by the user, including personal data if provided.

The Service may record information about your connection parameters (timestamp, IP address).

In some cases, the service may record information to facilitate the linking of the data in the form with the email address of the user completing the form. In this case, the user’s email address appears inside the URL of the page containing the form.

The data provided in the form is processed for the purpose resulting from the function of the specific form, e.g., for the purpose of processing a service request or commercial contact, registration of services, etc. Each time the context and description of the form clearly informs what it is used for.

Administrator Logs

User behavior information on the website may be subject to logging. This data is used for the administration of the website.

7 Relevant Marketing Techniques

The operator uses statistical analysis of website traffic via Google Analytics (Google Inc., based in the USA). The operator only transmits anonymized information and not personal data to the service operator. The service uses cookies on the user’s terminal device. If the user wants to view and edit the information resulting from the cookies collected by the Google advertising network, they can use the tool: https://www.google.com/ads/preferences/.

The operator uses remarketing techniques to match advertising messages to the user’s behavior on the website. Although this may create the impression that the user’s personal data is being tracked, in practice, no personal data is transferred from the operator to the advertising operators. The use of cookies is a technological prerequisite for such activities.

The operator uses the Facebook pixel. This technology informs Facebook (Facebook Inc., USA) that a registered person is using the website, but no additional personal data is transmitted to Facebook. The service relies on the use of cookies on the user’s terminal device.

The operator uses a solution to study user behavior by creating heat maps and recording behavior on the website. Before sending the information to the service operator, it is anonymized so that the operator does not know which individual it relates to. Personal data such as passwords and other sensitive information are not recorded.

The operator uses a solution that automates the operation of the website regarding users. For example, the operator may send an email to a user who visited a particular subpage, provided that the user has consented to receive commercial correspondence from the operator.

8 Information on Cookies

The website uses cookies.

Cookies, IT data, and text files are stored on the user’s terminal equipment and intended for use on the website. Cookies usually contain the name of the website from which they originated, the time they were stored on the terminal equipment, and a unique number.

The service operator is the entity that places and accesses cookies on the service user’s terminal equipment.

Cookies are used for the following purposes:

Maintaining a session of a website user (after logging in), allowing the user to avoid re-entering their login and password on each subpage of the website.

The purposes specified above under “Essential marketing techniques.”

The website uses two main types of cookies: “session” cookies and “permanent” cookies (persistent cookies). “Session” cookies are temporary files stored on the user’s terminal equipment until the user logs out, leaves the website, or turns off the software (web browser). “Permanent” cookies are stored on the user’s terminal device for the time specified in the parameters of the cookies or until the user deletes them.

Web browsing software (web browser) usually allows cookies to be stored on the user’s terminal device by default. However, users can change their settings and delete cookies. It is also possible to block cookies automatically. Detailed information is available in the help or documentation of the internet browser.

Restrictions on the use of cookies may affect some of the website’s functionalities.

Cookies placed on the service user’s terminal equipment may also be used by entities cooperating with the service operator, such as Google (Google Inc., based in the USA), Facebook (Facebook Inc., based in the USA), and Twitter (Twitter Inc., based in the USA).

9 Cookie Management – How to Give and Withdraw Consent in Practice?

If you do not wish to receive cookies, you can change your browser settings. However, disabling cookies that are essential for authentication processes, security, or maintaining user preferences may make it difficult, and in extreme cases, impossible, to use the website on various devices, including: