Privacy Policy

This Privacy Policy contains information about MILINAL's User data processing. It applies to all websites and other services and offers of MILINAL Company.

1.The protection of Users' personal data is of the utmost importance to the Owner of this website. We make great efforts to ensure that Users feel secure when entrusting their personal data to the website.

2. This Privacy Policy explains the principles and scope of the User's personal data processing, the User's rights, and the Administrator's responsibilities, and also informs about the use of cookies files.

3. The Administrator applies state-of-the-art technical measures and organizational solutions, ensuring a high level of protection of the processed personal data and preventing access by unauthorized persons.

Definitions:

• Service - the online shop operated at milinal.com

• User - a natural person, a legal person, or an organizational unit without legal personality, to which legal capacity is granted by law, that uses the electronic services available on the website.

• Personal Data Processing - an operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, structuring, storing, adapting or modifying, downloading, viewing, using, disclosing by transmission, dissemination or otherwise making available, matching or linking, limiting, deleting or destroying GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

• GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

I. PERSONAL DATA ADMINISTRATOR

The Personal Data Administrator is LLC UNIT CRAFT with its registered office at: Ukraine, 35602, Rivne region, Dubno district, Dubno, 117 Mykhaila Hrushevskoho str.

(hereinafter referred to as MILINAL)

MILINAL shall hereinafter be referred to collectively in the plural as

"we".

We can be contacted:
- website: milinal.com
- phone number: 48 (73) 222 19 92
- by e-mail: [email protected],[email protected]

II. PURPOSE AND LEGAL BASIS OF PERSONAL DATA PROCESSING

1. Online shopping and services.

We process your data to the extent necessary to conclude and perform the sales contract and to offer our other services, such as:
a) making the Services available for the presentation and sale of our products.
b) making local services available, including those offered at events and fairs involving MILINAL.
c) carrying out regular and recurring promotional programs.
d) handling concluded transactions, including, for example, the settlement of payments and the shipment of goods.
e) providing for the handling and fulfillment of consumer rights, for example, under warranty or return of goods basis, both before and after the conclusion of the sales contract, including through direct contact (telephone, e-mail).
f) providing MILINAL with its own: information, communications, newsletters, and other direct communication.
g) ensuring the security, functionality and stability of our services at every level.
h) assessment and measurement of data related to the purchase process, including returns and cancellations made by the User.
i) evaluation and analysis of the activity and information collected as part of your account and purchases made by you on the website, including in particular information relating to returns, in order to present you with the payment methods available to you. (Payments are processed by entities cooperating with the Administrator in this regard). This action does not materially affect your decision regarding your purchases and does not limit your choice regarding the range of goods purchased.
j) offering and implementing discounts and rebates.
k) MILINAL's presentation of its own products, based on your fashion preferences.

In the case of the conclusion and performance of the contract and the provision of the services you wish to use - your personal data is processed on the basis of the sales contract concluded (i.e. art.6(1)(b) of the GDPR). In other cases, the legal basis is the legitimate interest of MILINAL resulting from the subject of its business activity (i.e. art.6(1)(f) of the GDPR).

2.Offer presentation.

Your data may also be processed to:
a) analyze the frequency of products displayed on the Website and the presentation of MILINAL goods and services tailored to your purchase history and consistent with your preferences.
b) personalize the MILINAL brand offer based on the data provided by you.
c) adjust the views on the website and build recommendations that suit your fashion preferences.

For this purpose, we use device and access data as well as similar data received from our partners. A personalized offer ensures comfortable and accessible use of the Website and access to all the products we offer. Thanks to personalization, we can present goods and services tailored to your needs. The legal basis for data processing in order to adjust our products to your preferences is the legitimate interest of MILINAL, which is direct marketing (art. 6(1 )(f) of the GDPR).

3. Advertising and market research, data analysis.

We use your data for our own promotional purposes as part of data analysis, including market research, to:

a) create target groups of Users (also within social media such as Facebook, Instagram) with similar interests and expectations, similar use of the Website, or shopping habits (segmentation).
b) collect and process information about your demographics, fashion preferences, shopping habits, and use of the Service, and to use this information to carry out activities to promote MILINAL's own products and services.
c) identify and predict fashion trends.
d) build forecasts for online purchases.
e) promote own products and services.
f) plan and analyze the effectiveness of promotional activities within target groups.
g) improve and adapt promotional activities for our own products and services.

This allows us to present you with interesting MILINAL brand products according to your preferences using statistical, aggregated, and anonymized data, as well as data that can be attributed to a specific person by performing additional actions. The legal basis for the processing of your data is based on MILINAL's legitimate interest, which is direct marketing (art.6 (1) (f) of the GDPR).

4. Product and technology development.

We use your data for the development of our products and services (development of technology, personalization of services), which allows us to tailor offers that meet your preferences. In doing so, we use aggregated, pseudonymized or anonymized data, which makes it easier and faster to resolve online shopping issues and also has a positive impact on customer service levels. In this way, we achieve our objectives of:
a) creating technical solutions to eliminate problems in finding the right products in order to improve your shopping experience,
b) improving communication channels with the Administrator through the use of automated contact solutions (including chatbot),
c) optimizing personalized services and technologies for data analytics, MILINAL's own brand promotions, and online shopping,
d) developing technology to ensure the security of information systems, personal data, and fraud prevention,
e) optimizing business and logistical processes by accelerating and simplifying the execution of concluded contracts and the services offered,
f) constantly developing technical solutions to improve and optimize the personalization of our offer,
g) implementing and developing solutions for the automated resolution of problems reported by customers,
h) fraud prevention,
i) developing and validating software solutions to optimize the necessary business and logistics processes.

The legal basis for the processing of your data is the legitimate interest of the Administrator in the development of products and technologies, which is necessary for the proper running of the business activity and the tailoring of the offer according to your needs (art.6(1) (f) of the GDPR).

5. Service optimisation.

In order to improve business operations, as well as to protect MILINAL's interests, your data is processed by:
a) improving the customer service provided by the Customer Service Office, in particular by implementing solutions to speed up the clarification of reported problems (service automation).
b) fraud prevention.
c) ensuring compliance in the exercise of consumer rights arising from the conclusion of the contract (complaints, right of return).
d) correctly fulfilling the obligations incumbent on MILINAL in connection with the conclusion of sales contracts (documenting transactions and tax documentation keeping).
e) demonstrating compliance with legal provisions in the field of activity conducted, including in particular consumer rights and personal data protection.
f) MILINAL claim securing.

The legal basis for the processing of your data is the legitimate interest of optimizing our business operations, and, if the processing is required by law (e.g., tax law, consumer protection legislation), demonstrating our compliance with such laws (art.6(1) (f) of the GDPR).

III. DATA TYPE

1. The Administrator processes the following personal data, the provision of which is necessary for:

a) the registration of your account on the Website:

- name and surname;

- e-mail address.

b) you to use and manage your account on the Website:

- name and surname;

- telephone number;

- e-mail address;

- sex;

- age;

- address data (street, house number, apartment number, postal code, city, country);

- NIP or PESEL (in the case of an invoice).

c) receiving information (newsletter) about promotional activities, and special offers:

- e-mail address;

- telephone number;

- date of birth.

d) the performance of the sales contracts concluded by you and registered on the Website:

- name and surname;

- e-mail address;

- telephone number;

- address data (street, house number, apartment number, postal code, city, country);

- NIP or PESEL (in the case of invoice);

- data relating to purchases on the Website.

e) the performance of contracts concluded without your registration on the Website:

- name and surname;

- e-mail address;

- telephone number;

- address data (street, house number, apartment number, postal code, city, country);

- NIP (in the case of invoice).

f) notifying you of the availability of the products you have indicated:

- e-mail address.

g) enabling the settlement of your money for the returned goods:

- bank account number.

h) enabling you to contact us:

- name and surname;

- transaction data (delivery address, order composition)

- contact details (postal address including street, building number, apartment number, postal code, city, country, e-mail address, telephone number);

IV. LEGAL BASIS FOR THE PERSONAL DATA PROCESSING

1. Personal data are processed in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, 1-88, hereinafter referred to as the "GDPR Regulation".

2. The Administrator only processes personal data upon with the consent of the User, granted at the time of registration on the website or at the time of confirmation of a transaction made on the website.

3. The granting of consent for the processing of personal data is entirely voluntary; however, the failure to grant such consent prevents the User from registering on the website and making purchases, via the website.

V. USER RIGHTS

1. The User may request information from the Administrator about the extent of the processing of his/her personal data at any time.

2. The User may request the correction or rectification of his/her personal data at any time. The User can also do this himself/herself by logging into his/her account.

3. The User may withdraw his or her consent to the processing of his or her personal data at any time, without giving reasons. The request not to process the data may concern a specific purpose of processing indicated by the User, e.g., withdrawal of consent to receive commercial information, or concern all purposes of data processing. The withdrawal of consent regarding all processing purposes will result in the User's account being deleted from the website, together with all of the User's personal data previously processed by the Administrator. The withdrawal of consent will not affect the activities already carried out.

4. The User may request that the Administrator delete his/her data at any time without stating a reason. The request for deletion of data will not affect the activities already carried out. Deletion of data means simultaneous deletion of the User's account, together with all personal data stored and processed so far, by the administrator.

5. The User may object to the processing of his/her personal data at any time, both in respect of all personal data processed by the Administrator and in a limited scope, e.g., as regards the processing of data for a specifically indicated purpose. The objection will not affect the activities carried out so far. The raising of an objection will result in the deletion of the User's account, together with all personal data stored and processed so far, by the administrator.

6. The User may request the restriction of the personal data processing, either for a specific period of time or without a time limitation but to a specific extent, which the Administrator will be obliged to comply with. This request will not affect activities already carried out.

7. The User may request that the administrator transfer the User's personal data processed to another entity. For this purpose, the User should write a request to the administrator, indicating to which entity (name, address) the User's personal data should be transferred and what specific data the User wishes the administrator to transfer. After the User confirms his/her request, the administrator will transfer the User's personal data to the indicated entity in electronic form. Confirmation of the request by the User is necessary for the security of the User's personal data and to be sure that the request comes from an authorized person.

8. Lodging a complaint to the supervisory authority for personal data matters, which in Poland is the President of the Personal Data Protection Office, address of the Personal Data Protection Office: 2 Stawki Street, 00-193 Warsaw. Submitting your demands and exercising your rights will not affect the actions performed by us. You will receive information regarding the implementation of your request no later than within one month.

We store data about your transactions for the period resulting from the tax law or in order to protect our interests as an Administrator by collecting evidence related to the recognition of a complaint or return of goods. Deletion of data by you does not result in the cessation of data processing to the extent indicated.

VI. PERSONAL DATA CONTACT

You can report any declarations or requests concerning your personal data to us in the way that is most convenient for you:

• E-mail messages to: [email protected]

• Via the contact form available on the Website.

• By post to the following address: 2 Zamkova street, Brody, Ukraine, 80600.

VII. DURATION OF PERSONAL DATA STORAGE

We store personal data for a period:

a) of your account existing on the Website.

b) resulting from tax legislation (transaction data) - 5 years from the end of the tax year in which our tax liability arose.

c) resulting from the use of the Customer Service Office (in any form) - 2 years from each contact.

d) of carrying out promotional activities (a newsletter) - until your consent is revoked.

e) of the direct promotion of our own products - until you have expressed an effective and legitimate objection.

f) of your waiting for notification of product availability - until no longer than 6 months after your request.

g) of statistical activities, the assertion of claims, or the defense of claims (e.g., complaints) - until the expiry of the time limit associated with the respective claim under the law.

VIII. PROCESSING ENTRUSTING OR DATA TRANSFER TO OTHER ENTITIES

1. We entrust your personal data, to the extent necessary to fulfill the specified purposes, to entities that cooperate with us. Those entities include warehouse staff. In order to ensure your comfort in using the e-store, we may also transfer your data to companies that provide us with IT services and analytical services (e.g., related to the preparation of

a personalized offer or user segmentation), cloud service providers (e.g., through the use of software located on the providers' servers), and entities sending correspondence promoting our products or services (Newsletter –applies to Users who have agreed to receive commercial information). We also make data available to entities participating in the performance of the agreement concluded on the Website, among others, to courier companies (InPost) and payment operators (PayPro S.A.). As soon as the data is transferred, they become data administrators.

2. Apart from the purposes indicated in this Privacy Policy, Users' personal data shall not be disclosed in any way to third parties or transferred to other entities for the purpose of sending third parties marketing materials.

3. Personal data of Website Users shall not be transferred outside the European

Union.

4. We ensure the secure processing of your personal data by using effective and appropriately adapted technical and organizational measures.

5. This Privacy Policy complies with the provisions arising from art. 13(1) and (2) of the GDPR Regulation.

Data transfers outside the EEA.

As part of the Administrator's use of tools to support day-to-day operations provided by, for example, Google, your personal data may be transferred to a country outside the European Economic Area (EEA), in particular to the United States of America (USA) or another country in which an entity cooperating with it maintains tools for the processing of Personal Data in cooperation with the Administrator. Adequate protection of Personal Data processed outside the EEA is guaranteed by the use of external data processing agreements based on standard contractual clauses that meet the requirements of the GDPR.

IX. FRAUD PROTECTION

In order to prevent risks associated with data security breaches, the data of our service users is transmitted in encrypted form. This applies to both orders and customer account logins. For this purpose, we use the SSL (Secure Socket Layer) encryption system. Thanks to the encryption, data is inaccessible to third parties. To further protect against external attacks, we also use special security technologies that constantly monitor our systems and immediately recognize and report unusual situations. Furthermore, we protect our systems through technical and organizational measures against the loss, destruction, unauthorized access, alteration, or dissemination of customer data by unauthorized persons. In this way, we want to minimize the risk of unauthorized access; protecting user data is our priority.

At the same time, however, we are not able to guarantee total protection - like other companies. We use technical and manual processes to prevent fraud in order to protect us and our users from the misuse of their data. If our security system suspects a fraud attempt or an increased risk of fraud, the process in question is referred to MILINAL's fraud team for manual verification. Taking into account the risk of fraud, appropriate preventive measures are taken (e.g., temporary blocking of the customer's account or limiting the available payment methods). These providers, with the help of cookies files and other tracking technologies, collect and process data to identify the terminal device used by the user and other data on the use of the website. This does not relate to a specific user. As part of the ordering process on our website, we collect a risk assessment for the user's terminal device from the provider's database. This risk assessment of the likelihood of a fraud attempt takes into account, among other things, whether the terminal device has connected via different service providers, whether the geographical coordinates of the terminal device have changed frequently, how many transactions have been made via the terminal device, and whether a proxy connection is used.

X. SOCIAL MEDIA PLUGINS

The following social media plugins are used on our website: Instagram, Facebook, and Youtube.

When you view the website, your browser will establish a connection to the servers of the administrators of the aforementioned social networks, so they will receive information about your viewing of the website along with your IP address. You can find detailed information about the purpose, scope, and principles of data processing by the above-mentioned websites in the privacy policies of their administrators.

XI. SOCIAL NETWORKS

Milinal maintains pages on the following social networks (hereinafter: "Networks”):

-Facebook: facebook.com/milinal.brand
-Instagram: instagram.com/milinal.pl
-Youtube: https://www.youtube.com/@milinal_brand

Milinal hereby informs you that it has limited influence over the processing of data by the operators of the Social Networks,

however, the operators of these Social Networks decide how they process your data.

We would therefore like to inform you that the purpose of the data processing on our pages on the Social Networks is to inform potential customers of Milinal's current offers and promotions, as well as to interact with visitors to the social networks in search of this information and to answer questions, to enable them to express their opinion about Milinal.

The legal basis for the processing of data on Social Networks is Article 6(1)(f) of the GDPR. The processing is carried out in the interests of promotional activities and due service to the Milinal website visitors.