Privacy Policy

1. General information

• This policy applies to the Website, operating under the url: https://ecup.hastastudio.com
• The service operator and personal data administrator is the company E-CUPSTONE Oleksandr Diachenko led by Oleksandr Diachenko, based in: Zawodzie 20, 80-726 Gdańsk, having NIP 8393182840.
• Contact email address of the operator: sklep@ecup.hastastudio.com 
• The Operator is the Administrator of your personal data with regard to the data you voluntarily provide on the Website.
• The Service uses personal data for the following purposes:
  • Order fulfilment and sales service
  • Handling enquiries addressed to the Administrator
  • Post-purchase review management (TrustMate)
  • Marketing of own products and services (with consent)
  • Maintaining a newsletter (with consent)
• Providing data for the purpose of order fulfilment or contact does not constitute consent to marketing or the Newsletter; such consent is voluntary and may be withdrawn at any time.
• The Service performs the functions of obtaining information about users and their behaviour in the following ways: By means of the data voluntarily entered in the forms, which are entered into the Operator's systems.
• By storing cookies (so-called „cookies”) on end devices.
• For matters related to personal data protection, you may contact the Administrator via e-mail at: sklep@ecup.hastastudio.com.

 2. Selected data protection methods used by the Operator

• The login and personal data entry sites are protected in the transmission layer (SSL certificate). This ensures that the personal and login data entered on the site are encrypted on the user's computer and can only be read on the target server.
• User passwords are stored in hashed form. The hash function operates in a one-way fashion - it is not possible to reverse it, which is now the modern standard for storing user passwords.
• The operator periodically changes its administrative passwords.
• An important element of data protection is the regular updating of all software used by the Operator to process personal data, which in particular means regular updates of software components.
• The purpose of the Seller's processing of the Buyer's data provided by the Buyer in connection with purchases in the Shop is to process orders. The basis for the processing of personal data in this case is:
  - sales contract or actions taken at the request of the Buyer to conclude it (Article 6(1)(b) RODO),
  - Seller's legal obligation relating to accounting (Article 6(1)(c) RODO) 
  - Vendor's legitimate interest in processing data for the purpose of establishing, investigating or defending possible claims (Art. 6(1)(f) RODO).

3. Hosting

• The website is hosted (technically maintained) on the infrastructure of the hosting service provider SEOHOST Sp. z o.o.

4. Your rights and additional information on how your data will be used

• In certain situations, the Administrator has the right to transfer your personal data to other recipients if this is necessary for the performance of a contract concluded with you or for the fulfilment of obligations incumbent on the Administrator. This applies to such groups of recipients:
  • hosting service provider (SEOHOST Sp. z o.o.) – on the basis of entrusting data processing
  • couriers
  • postal operators
  • payment operators
  • operators of the commentary system
  • operators of online chat solutions
  • authorised employees and associates who use the data in order to fulfil the purpose of the website
  • companies providing marketing services to the Administrator
• Your personal data is processed by the Controller for no longer than is necessary to perform the related activities specified in separate regulations (e.g. on accounting). With regard to marketing data, the data will not be processed for longer than 3 years.
• You have the right to request from the Administrator:
  • access to personal data concerning you,
  • their rectification,
  • deletions,
  • limitation of processing,
  • and data portability.
• You have the right to object to the processing of data based on the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), including profiling, for reasons related to your particular situation.
• The Administrator's actions may be complained about to the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.
• The provision of personal data is voluntary, but necessary for the operation of the Service.
• The administrator may use the data for analytical and marketing purposes, including creating audience segments for the purpose of tailoring communication, but no decisions are made about you that have legal effects or similarly significantly affect you solely by automated means.
• Personal data may be transferred to third countries (in particular to the United States) in connection with the use of analytical and marketing tools provided by entities such as Google, Meta (Facebook) and Microsoft. Data transfers are carried out with the appropriate safeguards provided for in the GDPR, in particular standard contractual clauses.

5. information on the forms

• The service collects information voluntarily provided by the user, including personal data where provided.
• The service can save information about the connection parameters (time stamp, IP address).
• The website may, in some cases, store information to help link the data in the form to the e-mail address of the user completing the form. In this case, the user's e-mail address appears inside the url of the page containing the form.
• The data provided in the form is processed for the purpose resulting from the function of the specific form, e.g. to process a service request or sales contact, registration of services, etc. In each case, the context and description of the form clearly informs what it is used for.

6 Administrator logs

• Information about user behaviour on the website may be logged. This data is used for the purpose of administering the website.

7 Relevant marketing techniques

• The operator uses statistical analysis of website traffic via Google Analytics (Google Inc., based in the USA). The operator does not transmit personal data to the operator of this service, only anonymised information. The service is based on the use of cookies on the user's terminal device. With regard to the information on user preferences collected by the Google advertising network, the user can view and edit the information resulting from the cookies using a tool: https://www.google.com/ads/preferences/
• The Operator uses remarketing techniques that allow advertising messages to be tailored to the user's behaviour on the website, which may give the illusion that the user's personal data is being used to track them, but in practice, no personal data is transferred by the Operator to advertising operators. The technological prerequisite for such activities is that cookies are enabled.
• The operator uses Meta (Facebook) pixels. This technology allows Facebook (Facebook Inc. based in the USA) to know that a person registered with it is using the Website. In this case, it is based on data for which it is the controller; the Operator does not transfer any additional personal data to Facebook. The service is based on the use of cookies on the user's end device.
• The Operator uses a solution that automates the operation of the Website in relation to users, e.g. it may send an e-mail to a user after visiting a specific subpage, provided that the user has agreed to receive commercial correspondence from the Operator.
• The analytical and marketing tools referred to in this section are activated only after the user has given their consent via the cookie mechanism.

8 Information on cookies

• The website uses cookies.
• Cookies (so-called „cookies”) are IT data, in particular text files, which are stored in the Service User's terminal equipment and are intended for use on the Website. Cookies usually contain the name of the website they come from, the time they are stored on the terminal equipment and a unique number.
• The entity placing cookies on the Service User's terminal equipment and accessing them is the Service Operator.
• Cookies are used for the following purposes:
• maintaining a session of the Website user (after logging in), thanks to which the user does not have to re-enter his/her login and password on each subpage of the Website;
• to achieve the objectives set out above under „Essential marketing techniques”;
• The Website uses two main types of cookies: „session” (session cookies) and „permanent” (persistent cookies). „Session” cookies are temporary files that are stored on the User's terminal equipment until they log off, leave the website or switch off the software (web browser). „Persistent” cookies are stored on the User's terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the User.
• Web browsing software (web browser) usually allows cookies to be stored on the User's terminal device by default. Users of the Website may change their settings in this respect. The Internet browser makes it possible to delete cookies. It is also possible to automatically block cookies For details, please refer to the help or documentation of your Internet browser.
• Restrictions on the use of cookies may affect some of the functionality available on the Website.
• Cookies placed in the Service User's terminal equipment may also be used by entities cooperating with the Service Operator, in particular companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).
• Consent to cookies other than those that are necessary may be given or withdrawn via the cookie banner available on the Website.

9. cookie management - how to give and withdraw consent in practice?

• If you do not wish to receive cookies, you can change your browser settings. We stipulate that disabling cookies that are essential for authentication processes, security, maintaining user preferences may make it difficult, and in extreme cases may make it impossible, to use the websites
• To manage your cookie settings, select the web browser you are using from the list below and follow the instructions:
  • Edge
  • Internet Explorer
  • Chrome
  • Safari
  • Firefox
  • Opera
  Mobile devices:
  
  • Android
  • Safari (iOS)
  • Windows Phone

10. Data collection by Microsoft Clarity and Microsoft Advertising
We work with Microsoft Clarity and Microsoft Advertising to record how people use and interact with our website using behavioural metrics, heat maps and session replay to improve and promote our products/services. Website usage data is recorded using our own and third-party cookies and other tracking technologies to determine product/service popularity and online activity. In addition, we use this information for website optimisation, fraud/security purposes and advertising. For more information on how Microsoft collects and uses your data, please visit Microsoft Privacy Statement.
The analytical and marketing tools referred to above are activated only after obtaining the user's consent expressed through the cookie mechanism.

11. online shop reviews

11.1.The customer of the Online Shop has the possibility of voluntarily and free of charge issuing an opinion concerning purchases made in the Online Shop. The subject of the opinion can also be an assessment, a photo or a review of the purchased product in the Online Shop.
11.2 After making purchases in the Online Shop, the Seller transfers the data necessary to create an email invitation to the company handling the survey process.Sending surveys and the process of collecting opinions in forms is fully handled by the company TrustMate SA with its registered office at Bartoszowicka 3, 51-641 Wrocław. TrustMate SA sends an email to the customer with a request for an opinion and a link to an online form that enables the customer to give an opinion - the online form enables the customer to answer the seller's questions about their purchase, rate it, add their own description of the opinion and a photo of the purchased product. If a rating has not been submitted after the initial invitation to submit a rating, TrustMate may resend the invitation.
11.3.An opinion can only be issued by a Customer who has made a purchase from the Seller's Online Shop.
11.4.The reviews submitted by the Customer are published by the Seller in the Online Shop and on the TrustMate.io business card.
11.5.The submission of an opinion may not be used by the Customer for illegal activities, in particular for activities that constitute an act of unfair competition against the Seller or activities that infringe personal rights, intellectual property rights or other rights of the Seller or third parties.
11.6.A review may only be issued for products actually purchased from the Seller's Online Shop. It is prohibited to conclude fictitious/apparent sales contracts in order to issue an opinion. The author of an opinion may also not be the Seller himself or his employees regardless of the basis of employment.
11.7.A submitted review can be removed by its author at any time.