Simply for health

Privacy Policy

Privacy Policy for users of the website: https://auraherbals.pl

  1. Personal Data Controller’s Details

    Please be informed that the controller or your personal data is Aura Herbals Sp. z o.o., with its registered office at the address: ul. Grunwaldzka 49/2, Sopot 81-754, holding NIP [Tax ID No]: 585-149-08-34, REGON [National Business Registry] No: 385786580, KRS [National Court Register] No: 0000833592 hereinafter referred to as “Aura Herbals”. You can contact Aura Herbals on the protection of personal data at the email address: odo@auraherbals.pl or by calling the number: +48 534 229 890.

  2. Contact person in personal data protection matters

    Aura Herbals employs persons who are willing to help you in all issues related to protection of personal data, in particular, it will answer any and all questions about processing of your personal data. Contact is possible at the email address: odo@auraherbals.pl or by calling the number: +48 534 229 890.

  3. Purposes of and Bases for Personal Data Processing

    In order to render services of the highest quality in line with the scope of our activities, Aura Herbals processes your personal data – for different purposes, however always in accordance with law. Below please find specified purposes of personal data processing along with legal bases.

    To examine a complaint, we process such personal data as: first name and last name, email address, VAT invoice no, company data or bank account no – in the case of return of money. The legal basis for such processing of data is Article 6 (1) (b) of the GDPR, which allows to process personal data if it is necessary to perform the agreement or to take up activities aimed at concluding the agreement; if you decide to give the last name too, we shall conclude that you have given your consent to the processing of your last name too – in such a case, the legal basis for such processing is Article 6 (1) (a) of the GDPR, which allows to process personal data based on a voluntary granted consent;

    In order to send email notifications about messages in the client’s panel, we process such personal data as: email address, company data, order number. The legal basis for such processing of data is Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to inform the client about activities related to the performance of the service to improve comfort of using the service);

    For telephone contact purposes in matters connected with the performance of the service, we process such personal data as:

    • phone number,
    • order number

    — provided that you are interested in the contact by phone (we do not require to state the phone number obligatorily). The legal basis for such processing of data is Article 6 (1) (a) of the GDPR, which allows to process personal data based on a voluntary granted consent;

    To issue an invoice and fulfil other obligations arising from tax law provisions, such as e.g. storage of accounting documentation for 5 years, we process such personal data as:

    • first name and last name,
    • business name,
    • address of residence or address of registered office,
    • NIP [Tax ID No],
    • order number.

    The legal basis for such processing of data is Article 6 (1) (c) of the GDPR, which allows to process personal data if such processing is necessary for the Personal Data Controller to fulfil the obligations arising from law;

    To create registers and records related to the GDPR, including e.g. register of clients who have lodged an objection in accordance with the GDPR, we process such personal data as:

    • first name,
    • email address,

    because firstly, provisions of the GDPR impose particular documentation obligations on us to prove consistency and accountability, secondly if you lodge e.g. an objection to the processing of your personal data for marketing purposes, we must know towards who not to use direct marketing since he/she does not want it. The legal basis for such processing of data is firstly Article 6 (1) (c) of the GDPR, which allows to process personal data if such processing is necessary for the Personal Data Controller to fulfil the obligations arising from law; secondly, Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to have knowledge about people who exercise their rights arising from the GDPR);

    To grant a discount (upon giving the consent arising from provisions on rendering services by electronic means), we process such personal data as:

    • first name,
    • sex,
    • email address

    The legal basis for such processing of data is Article 6 (1) (a) of the GDPR, which allows to process personal data based on a voluntary granted consent;

    To establish, pursue or indemnify against claims, we process such personal data as:

    • first name and last name (if the last name has been stated) or business name,
    • address of residence (if stated),
    • PESEL [Personal Number] or NIP [Tax ID No] (if stated),
    • email address,
    • IP,
    • order number.

    The legal basis for such processing of data is Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to possess personal data which will allow to establish, pursue or indemnify against claims, including claims of clients and third parties);

    For archival and evidential purpose, we process such personal data as:

    • first name and last name (if stated),
    • email address,
    • order number

    — for the purposes of protecting information which may be used for proving facts of legal importance. The legal basis for such processing of data is Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to possess personal data which will allow to prove certain facts related to provision of the service, e.g. if any State body demands it);

    For analytical purpose, i.e. to examine and analyse activities at the website belonging to the Company, we process such personal data as:

    • date and time of visiting the site,
    • type of operating system,
    • approximate location,
    • type of web browser used to browse through the site,
    • time spent at the website,
    • visited sub-sites,
    • sub-site where the contact form was filled in,
    • transactions,
    • operations carried out at the website.

    The legal basis for such processing of data is Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to get to know clients’ activities at the website);

    To use cookies at the website, we process such text information (cookies shall be described in a separate point). The legal basis for such processing of data is Article 6 (1) (a) of the GDPR, which allows to process personal data based on a voluntary granted consent (upon the first entry onto the website, a question about the consent to use cookies occurs);

    To administer the website, we process such personal data as:

    • IP address,
    • date and time of server,
    • information about the web browser,
    • information about the operating system

    — this data is automatically saved in the so-called server logs upon each and every use of the website owned by the Company. Administration of the website without using the server and without this automatic saving would be impossible. The legal basis for such processing of data is Article 6 (1) (f) of the GDPR, which allows to process personal data if in this way the Personal Data Controller exercises its legitimate interest (in this case, the Company’s interest is to administer the website);

    To grant access to B2B platform and to perform orders, we process such personal data as: Company name, first name, last name, email address, phone number, postal address, fax number, transactions, client’s status, NIP [Tax ID No], IP address, logins. The legal basis for such processing of data is Article 6 (1) (b) of the GDPR, which allows to process personal data if it is necessary to perform the agreement or to take up activities aimed at concluding the agreement.

  4. Cookies

    1. At its website, Aura herbals, just like other entities, uses the so-called cookies i.e. short text information, saved in a computer, telephone, tablet or another user device. They can be read by our system, as well as by systems which belong to other entities the services of which we use (e.g. Facebook, Google).

    2. Cookies perform a great deal of functions at the website, most often useful, which will try to describe below (if the information is insufficient, please contact us):

      • ensuring security – cookie files are used to authenticate users and prevent unauthorized use from the client’s panel. Thus, they are used for protection of user’s personal data against access by unauthorized persons;
      • influence on processes and efficient use of the website – cookie files are used so that the website will work efficiently and to be able to use the functions available at it, which is possible, inter alia, thanks to remembering settings between subsequent visits at the website. Thus, thanks to them, you can move around the website and particular sub-sites;
      • state of session – information about how visitors use the website is saved in cookie files, e.g. which sub-sites are most often hit by them. They also enable identification of errors displayed at some sub-sites. Thus, cookie files which are used for saving the so-called “state of session” help to improve services and increase comfort of browsing through the sites;
      • maintenance of the state of session – if a client logs into his/her panel, then cookie files make it possible to sustain the session. It means that after moving on to another sub-site, it is not necessary to give the login and password again each and every time, which improves comfort of using the website;
      • creation of statistics – cookie files are used to analyse how users benefit from the website (how many users open the website, how long they stay at it, which contents are most interesting, etc.). Thanks to this, you can improve the website on a permanent basis and adapt its work to users’ preferences. To track activities and to create statistics, we use Google’s tools such as Google Analytics; apart from reporting statistics of using the website, the pixel Google Analytics can also be used together with some above-described cookie files to help to display more suitable contents to the user in Google services (e.g. in Google search engine) and in the whole network;
      • using social networking functions – at the website we have the so-called pixel of Facebook, which makes it possible to like our fanpage in this service while using the website. However, in order for it to be possible, we must use cookies delivered by Facebook.
      • Using advertising functions – at the website we have the so-called Pixel of Facebook, which makes it possible to display advertisements for users of Facebook, who visited the website auraherbals.pl earlier (so-called Remarketing). Apart from the Facebook Pixel, we use a similar took for it which is made accessible by Google. Thanks to it, we can display advertisements in Google search engine and in Google advertising network.
      • Using analytical functions – we use SalesMANAGO software by means of which we can track users’ activities and adapt marketing operations to their preferences. The SalesMANAGO tool shows, inter alia, which sub-sites were visited by them. Based on data collected by SalesMANAGO, we can adapt the so-called Marketing Automation – automatically adapt contents to users of the website (e.g. send an automatic email with a discount to persons who have left the basket (such a person must agree earlier on dispatch of marketing contents, so-called Newsletter). For analytics, we also use Google Analytics.
    3. What is important, a lot of cookies are anonymized for us – without additional information, based on them we are unable to establish your identity.

    4. Your web browser allows to use cookies by default in your device, therefore during the first visit, we ask for giving a consent to use cookies. However, if you do not want to use cookies while browsing through the website, you can change the settings in the web browser – completely block the automatic handling of cookies or demand a notification about placing cookies in the device each and every time. The settings can be changed at all times.

    5. Cookie files can be blocked by you in your web browser in an appropriate way:

    6. Cookies can also be blocked via the sites:

    7. However, respecting the autonomy of all people who use the website, we feel obliged to inform you that if you deactivate or limit the handling of cookie files, this may result in quite serious difficulties in using the website, e.g. in the form of a necessity to log in at each and every sub-site, longer site loading period, limitations in use of the functionalities, limitations in liking the website at Facebook, etc.

  5. Right to withdraw a consent

    1. If the processing of personal data takes place based on a consent, you can withdraw this consent at all times – at your discretion.

    2. If you would like to withdraw the consent to process personal data, then for this purpose, it is enough to:

      • send an email directly to Aura Herbals to the address: odo@auraherbals.pl or
      • call the phone number: +48 534 229 890 or
      • click on the link in an email, attached at the end of the message or
      • remove the comment under the article or
      • remove the opinion about services.
    3. If the processing of your personal data has taken place based on a consent, its withdrawal does not cause that the processing of personal data by this time was illegal. In other words, by the time of withdrawing the consent, we have the right to process your personal data and its cancellation does not have an influence on consistency with the right to the hitherto prevailing processing.

  6. Requirement to provide personal data

    1. Provision of any personal data is voluntary and depends on your decision. However, in some cases, the provision of particular personal data is necessary to meet your expectations about using the services of the B2B Aura Herbals wholesale platform and to complete orders via the B2B Aura Herbals wholesale platform.

    2. In order to commission a service, it is necessary to provide such data as: Company name, NIP [Tax ID No], company email address, company phone number, company’s address, address for delivery of orders – without it, we are unable to properly open the company account in the B2B wholesale platform and complete orders.

    3. To be able to contact you by phone in matters connected with the performance of the service, it is necessary to give the phone number – without it, we are unable to enter into contact by phone.

    4. So that you will be able to receive information about new products, promotions and other important information related to Aura Herbals activities, it is necessary to give the first name and email address – without it, we are unable to send emails.

  7. Automated decision-making and profiling

    1. Profiling means any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.

    2. Personal data of Clients may be processed in an automated way (profiling), however, this will not give rise to any legal effects towards them or significantly affect Client’s situation in a similar way.

    3. Profiling of personal data by Aura Herbals consists in processing Clients’ data in an automated manner and manually, by using it for assessing certain information about a Client, in particular for an analysis or forecast of his/her personal preferences and interests.

    4. To get to a Client with marketing messages via the Website: auraherbals.pl, Aura Herbals benefits from services rendered by external service providers. These services consist in displaying marketing messages at the Websites. For this purpose, external service providers install e.g. an appropriate code or pixel to download information about Client’s activity at the Website: auraherbals.pl. Details pertaining to the used cookies are available in §3. Legal basis – legitimate interest (Article 6 (1) (f) of the GDPR) in consisting in adaptation of marketing messages to preferences and interests.

    5. To get to a Client with marketing messages via the Website: auraherbals.pl, Aura Herbals benefits from own mechanisms of cookies to download information about Client’s activity at the Website: auraherbals.pl Details pertaining to the used cookies are available in §3. Legal basis – legitimate interest (Article 6 (1) (f) of the GDPR) in consisting in adaptation of marketing messages to preferences and interests.

  8. Transfer of personal data to third countries

    Please be informed that your personal data may be transferred outside the European Economic Area.

  9. Period of the processing of personal data

    1. If the basis for processing personal data is a consent, then Client’s personal data is processed by Aura Herbals as long as the consent is not withdrawn, and after withdrawal of the consent – for the period which corresponds with the period of prescription of claims which may be raised by Aura Herbals Sp. z o.o. and which may be raised against him. If a special provision does not provide for otherwise, the prescription period comes to ten years, and with regard to claims for periodic benefits and claims related to running a business activity – three years.

    2. If the basis for processing data is the performance of an agreement, then Client’s personal data is processed by Aura Herbals as long as it is necessary for the performance of the agreement, and after this time – for the period which corresponds with the claims prescription period. If a special provision does not provide for otherwise, the prescription period comes to ten years, and with regard to claims for periodic benefits and claims related to running a business activity – three years.

  10. Rights of data subjects

    1. Please be informed that you have the right to:

      • access your personal data;
      • rectify your personal data;
      • erase your personal data;
      • restrict personal data processing;
      • object to the processing of your personal data;
      • portability of your personal data.
    2. We respect your rights arising from personal data protection provisions and try to make their fulfilment easier in the greatest possible degree.

    3. We hereby indicate that the said rights are not absolute, thus in some situations we can refuse to fulfil them in accordance with law. However, if we refuse to take into consideration a request, then only after a thorough analysis and only if the refusal to take into account the request is necessary.

    4. With regard to the right to object, we hereby explain that you have the right to object to the processing of personal data at all times, based on the legitimate interest of the Controller of Personal Data (it is mentioned in point III) in connection with your special situation. However, you must remember that in accordance with provisions we can refuse to take into consideration an objection if we prove that:

      • there are legitimate bases for the processing, which are superior over your interests, rights and freedoms or
      • there are bases for establishing, pursuing or indemnifying against claims.
    5. Moreover, you can object to the processing of your personal data for marketing purposes at all times. In such a case, upon receipt of the objection, we will cease processing for this purpose.

    6. Your rights can be exercised by you by:

      • sending an email directly to the email address: odo@auraherbals.pl or
      • phone calling the number: +48 534 229 890
      • clicking on the link in an email, attached at the end of the message or
      • changing the data on your own in client’s panel.
  11. Right to lodge a complaint

    If you consider that your personal data is processed inconsistently with the binding law, you can lodge a complaint with the President of the Personal Data Protection Office

  12. Source of acquisition of data and categories of personal data processed

    • In the case of acquiring personal data from sources other than the data subject, the Controller shall acquire it from publicly accessible sources, e.g. from websites, internal registers kept by public administration bodies, business cards, registers of business activity (e.g. National Court Register [KRS] and Central Registration and Information on Business [CEiDG]), press and/or from other entities which provide personal data.
    • In the case of acquisition of personal data from sources other than the data subject, the Controller may process, inter alia, such data as: first name and last name, address of residence/registered office, email address, phone number and/or other data acquired by the Controller.
  13. Final provisions

    1. To matters not regulated herein, provisions on the protection of personal data shall apply.

    2. You will be informed about any and all amendments to this Privacy Policy by email and at this website.

    3. The present Privacy Policy has been in force since 25 May 2018.