2.1. Each time, the purpose, scope and recipients of data processed by the Administrator result from the actions taken by the Service Recipient or the Customer in the Online Store. For example, if the Customer selects personal collection instead of courier delivery when placing the Order, his personal data will be processed for the purpose of concluding and implementing the Sales Agreement, but will no longer be made available to the carrier performing the shipment at the request of the Administrator.

2.2. Personal data of Service Recipients or Customers are collected and processed by the Administrator in order to:
2.2.1. provision of the User Account service on the Sorvella website (Article 6(1)(a) and (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as: "GDPR"),
2.2.2. enabling the submission and execution of an order and the conclusion of a contract for the sale of products offered by Glare Marketing Sp. z o. o. via the online store at www.sorvella.pl (Article 6(1)(b) of the GDPR)
2.2.3. marketing of own products or services of the Data Administrator, art. 6 sec. 1 lit. (f) GDPR).

2.3. Possible recipients of the personal data of the Online Store Customers: 2.3.1. In the case of a Customer who uses the Online Store with the method of delivery by post or courier, the Administrator provides the collected personal data of the Customer to the selected carrier or intermediary performing the shipment at the request of the Administrator. 2.3.2. In the case of a Customer who uses the Online Store with the method of electronic payments or by payment card, the Administrator provides the Customer's collected personal data to the selected entity servicing the above payments in the Online Store. 2.3.3. In the case of a Customer who agreed to express an opinion on the concluded Sales Agreement, the Administrator provides the collected personal data of the Customer to the selected entity operating the system of surveys evaluating the concluded Sales Agreements in the Online Store.

2.4. The Administrator may process the following personal data of Service Recipients or Customers using the Online Store: name and surname; e-mail address; contact phone number; delivery address (street, house number, apartment number, zip code, city, country), address of residence/business/registered office (if different from the delivery address). In the case of Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service Recipient or Customer.

2.5. Providing personal data referred to in the point above may be necessary to conclude and implement the Sales Agreement or the contract for the provision of Electronic Services in the Online Store. Each time, the scope of data required to conclude a contract is previously indicated on the Online Store website and in the Online Store Regulations.

2.6. Personal data of Service Recipients or Customers will be stored for the period necessary to perform the contract, and after this period for the purposes and for the period and to the extent required by law or to secure any claims. The administrator performs a systematic review of the data usefulness assessment, at least every 3 years from the date of their introduction.

3.1. Cookie files (cookies) are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Online Store website (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone - depending on what device it uses visiting our Online Store). Detailed information on cookies, as well as the history of their creation, can be found, among others, at here: http://pl.wikipedia.org/wiki/Ciasteczko . The Sorvella online store uses the following types of cookies:

3.1.1 "session" or "temporary" cookies, which are related to the session and are stored on the user's device until he leaves the website;
3.1.2. "persistent" cookies that remain in the browser after the end of the session (unless they are deleted by the user);
3.1.3. cookies of third parties (third party cookies), coming from advertising servers of entities cooperating with the website.

3.2. The Administrator may process the data contained in Cookies when visitors use the Online Store website for the following purposes:

3.2.1. identification of Service Recipients as logged in to the Online Store and showing that they are logged in;
3.2.2. remembering Products added to the basket in order to place an Order;
3.2.3. remembering data from completed Order Forms, surveys or login data to the Online Store;
3.2.4. adapting the content of the Online Store website to the individual preferences of the Service Recipient (e.g. regarding colors, font size, page layout) and optimizing the use of the Online Store pages;
3.2.5. keeping anonymous statistics showing how the Online Store website is used.

3.3. By default, most web browsers available on the market accept cookies by default. Everyone has the option of specifying the terms of using cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the option of saving Cookies - in the latter case, however, it may affect some of the functionalities of the Online Store (for example, it may not be possible to complete the Order path through the Order Form due to for not remembering the Products in the basket during the next steps of placing the Order).

3.4. Web browser settings in the field of Cookies are important from the point of view of consent to the use of Cookies by our Online Store - in accordance with the regulations, such consent may also be expressed through the web browser settings. In the absence of such consent, the settings of the web browser in the field of Cookies should be changed accordingly.

3.5. Detailed information on changing the settings for Cookies and their self-removal in the most popular web browsers is available in the help section of the web browser and on the following websites (just click on the link):
in the Chrome browser
in Firefox
in Internet Explorer
in the Opera browser
in Safari
in the Microsoft Edge browser

3.6. The Administrator also processes anonymized operational data related to the use of the Online Store (IP address, domain) to generate statistics helpful in administering the Online Store. These data are aggregate and anonymous, i.e. they do not contain features identifying people visiting the Online Store website. These data are not disclosed to third parties.

4.1. Providing personal data by the Service Recipient or the Customer is voluntary, however, failure to provide the personal data indicated in the Online Store website and in the Online Store Regulations necessary for the conclusion and implementation of the Sales Agreement or the contract for the provision of Electronic Services results in the inability to conclude this contract.

4.2. The legal basis for the processing of personal data of the Service Recipient or Customer is:
4.2.1. in the case of providing the User Account service on the Sorvella website - performance of the contract for the provision of User Account services (regarding the registration of the Service Recipient and basic handling of the user account) and the consent of the Service Recipient (if additional data is provided in the "Account Settings" section),
4.2.2. in the case of making a purchase via the Online Store - conclusion and implementation of the sales contract concluded via the Sorvella website,
4.2.3. in the case of marketing own products - the legitimate interest of the Administrator in the form of promotion of own services and products and the consent of the Service Recipient (with regard to sending commercial information by electronic means, the so-called Newsletter, to the e-mail address provided).

4.3. In the case of data processing in order for the Customer to express an opinion on the concluded Sales Agreement, the basis for such processing is the consent of the Service Recipient or the Customer.

5.1. The Service Recipient or the Customer has the right to request access to their personal data, rectify them and object to their processing.

5.2. In the circumstances specified by generally applicable law, the Service Recipient or the Customer has the right to demand:
5.2.1. deletion of data concerning him, in particular if the processed personal data are unnecessary to achieve the purpose for which they were collected, the consent on the basis of which they were processed has been withdrawn, an objection to their processing has been raised or the processing is unlawful;
5.2.2. request restriction of data processing, in particular if the personal data being processed is incomplete, outdated, untrue or is processed in violation of the law or is no longer necessary to achieve the purpose for which it was collected;
5.2.3. transfer your personal data, in particular if data processing takes place on the basis of consent or is undertaken in connection with the performance of a contract to which the Service Recipient or Customer is a party.

5.3. If the processing of personal data of the Service Recipient or the Customer is based on his consent, he has the right to withdraw this consent at any time without affecting the lawfulness of the processing which was made on the basis of consent before its withdrawal.

5.4. The Service Recipient or Customer also has the right to lodge a complaint with the supervisory authority when he/she considers that the processing of data violates the provisions of the GDPR. The complaint should be lodged with the supervisory body, which until May 25, 2018 is the Inspector General for Personal Data Protection, and after that date the President of the Office for Personal Data Protection.

5.5. In order to exercise the rights referred to above, you can contact the Administrator by sending an appropriate message in writing or by e-mail to the Administrator's address indicated at the beginning of this Privacy Policy.

6.1. The Online Store may contain links to other websites. The administrator encourages you to read the privacy policy set out there after going to other websites. This privacy policy applies only to this Online Store.

6.2. The administrator uses technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data protected, and in particular protects data against unauthorized access, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.

6.3. The Administrator provides the following technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically:
6.3.1. Securing the data set against unauthorized access.
6.3.2. Access to the Account only after entering an individual login and password.
6.3.3. SSL certificate.