Purposes of and Bases for Personal Data Processing
In order to render services of the highest quality in line with the scope of our activities, Aura Herbals processes your personal data – for different purposes, however always in accordance with law. Below please find specified purposes of personal data processing along with legal bases.
To examine a complaint, we process such personal data as: first name and last name, email address, VAT invoice no, company data or bank account no – in the case of return of money.
The legal basis for such processing of data is Article 6 (1) (b) of the GDPR, which allows to process personal data if it is necessary to perform the agreement or to take up activities aimed at concluding the agreement; if you decide to give the last name too, we shall conclude that you have given your consent to the processing of your last name too – in such a case, the legal basis for such processing is Article 6 (1) (a) of the GDPR, which allows to process personal data based on a voluntary granted consent;
In order to send email notifications about messages in the client’s panel, we process such personal data as: email address, company data, order number.
The legal basis for such processing of data is Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to inform the client about activities related to the performance of the service to improve comfort of using the service);
For telephone contact purposes in matters connected with the performance of the service, we process such personal data as:
- phone number,
- order number
— provided that you are interested in the contact by phone (we do not require to state the phone number obligatorily). The legal basis for such processing of data is Article 6 (1) (a) of the GDPR, which allows to process personal data based on a voluntary granted consent;
To issue an invoice and fulfil other obligations arising from tax law provisions, such as e.g. storage of accounting documentation for 5 years, we process such personal data as:
- first name and last name,
- business name,
- address of residence or address of registered office,
- NIP [Tax ID No],
- order number.
The legal basis for such processing of data is Article 6 (1) (c) of the GDPR, which allows to process personal data if such processing is necessary for the Personal Data Controller to fulfil the obligations arising from law;
To create registers and records related to the GDPR, including e.g. register of clients who have lodged an objection in accordance with the GDPR, we process such personal data as:
- first name,
- email address,
because firstly, provisions of the GDPR impose particular documentation obligations on us to prove consistency and accountability, secondly if you lodge e.g. an objection to the processing of your personal data for marketing purposes, we must know towards who not to use direct marketing since he/she does not want it.
The legal basis for such processing of data is firstly Article 6 (1) (c) of the GDPR, which allows to process personal data if such processing is necessary for the Personal Data Controller to fulfil the obligations arising from law; secondly, Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to have knowledge about people who exercise their rights arising from the GDPR);
To grant a discount (upon giving the consent arising from provisions on rendering services by electronic means), we process such personal data as:
- first name,
- sex,
- email address
The legal basis for such processing of data is Article 6 (1) (a) of the GDPR, which allows to process personal data based on a voluntary granted consent;
To establish, pursue or indemnify against claims, we process such personal data as:
- first name and last name (if the last name has been stated) or business name,
- address of residence (if stated),
- PESEL [Personal Number] or NIP [Tax ID No] (if stated),
- email address,
- IP,
- order number.
The legal basis for such processing of data is Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to possess personal data which will allow to establish, pursue or indemnify against claims, including claims of clients and third parties);
For archival and evidential purpose, we process such personal data as:
- first name and last name (if stated),
- email address,
- order number
— for the purposes of protecting information which may be used for proving facts of legal importance. The legal basis for such processing of data is Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to possess personal data which will allow to prove certain facts related to provision of the service, e.g. if any State body demands it);
For analytical purpose, i.e. to examine and analyse activities at the website belonging to the Company, we process such personal data as:
- date and time of visiting the site,
- type of operating system,
- approximate location,
- type of web browser used to browse through the site,
- time spent at the website,
- visited sub-sites,
- sub-site where the contact form was filled in,
- transactions,
- operations carried out at the website.
The legal basis for such processing of data is Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to get to know clients’ activities at the website);
To use cookies at the website, we process such text information (cookies shall be described in a separate point). The legal basis for such processing of data is Article 6 (1) (a) of the GDPR, which allows to process personal data based on a voluntary granted consent (upon the first entry onto the website, a question about the consent to use cookies occurs);
To administer the website, we process such personal data as:
- IP address,
- date and time of server,
- information about the web browser,
- information about the operating system
— this data is automatically saved in the so-called server logs upon each and every use of the website owned by the Company. Administration of the website without using the server and without this automatic saving would be impossible. The legal basis for such processing of data is Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to administer the website);
To grant access to B2B platform and to perform orders, we process such personal data as: Company name, first name, last name, email address, phone number, postal address, fax number, transactions, client’s status, NIP [Tax ID No], IP address, logins.
The legal basis for such processing of data is Article 6 (1) (b) of the GDPR, which allows to process personal data if it is necessary to perform the agreement or to take up activities aimed at concluding the agreement.