Privacy Policy

March 24, 2023

Data Administrator

The operator of the Website www.happyisland.pl and the administrator of your personal data is the company Happy Island sp. z o.o., operating at the address: ul. Cichociemnych 17, 42-700 Lubliniec providing services electronically via the Website and storing and accessing information in the User's devices. You can contact us by email: biuro@happy-island.pl. Personal data collected by the Administrator are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

  • on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as GDPR), the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2018, item 1000), the Act of 18 July 2002 on the provision of services by electronic means (i.e. Journal of Laws of 2019, item 123) and Act of 16 July 2004 — Telecommunications Law (i.e. Journal of Laws of 2018, item 1954).

Acquisition of information

The Website performs functions of obtaining information about Users and their behavior in the following ways:

  • through voluntarily entered information in the contact forms placed on the website,
  • by storing cookies (so-called “cookies”) in Users' end devices.

The Service may also store information about connection parameters such as IP address, proxy server, session name, device, operating system and browser of the User, location and names of Internet service providers or mobile service providers for technical purposes related to server administration, in order to perform the contract to which the data subject is a party (pursuant to Article 6 (1) (b) GDPR) and to generate aggregate and statistical information (e.g. region from which the connection is made), on the basis of which it is not possible to identify the User, as well as for security purposes.

Data processing

As part of the process of sending data through a form aimed at the realization of the purchase process. The User receives the information referred to in Article 13 (1) and (2) of the GDPR and agrees to the collection and processing of personal data by the Administrator in the manner and for the purposes described in the relevant consent clauses and this document.

The user is responsible for providing false personal data. The Administrator does not process Users' personal data using tools for automated decision-making, including profiling.

Purposes of data processing

The administrator processes personal data in order to carry out the purchase process. Personal data processed for other purposes each time require consent through active action of the User after prior notification of the purpose, time and scope of processing. Fulfilling a legally justified purpose, in particular direct marketing of own products or services, while respecting your rights and freedoms, the Administrator may process data to the extent indicated in the form when submitting an inquiry:

  • for the duration of the correspondence initiated by the request sent by the User using the form — until its completion;
  • for a period corresponding to the life cycle of cookies stored on the User's devices — in the case of processing personal data of the User exclusively browsing the content of the Website. The Administrator also stores personal data of Users in the event that it is necessary to fulfill legal obligations imposed on it, resolve disputes, enforce the User's obligations under concluded contracts, maintain security and prevent fraud and abuse - until the expiration of the limitation period for claims against the User.

Scope of processed data

The processing of Users' data is carried out in the scope of:

  • making a purchase by the User (scope of data: name and surname, e-mail address, telephone, address and other data voluntarily provided by the User in the message to the Administrator) — due to the fact that the processing is necessary to take action at the request of the data subject before concluding the contract (Article 6 (1) (b) of the GDPR);
  • conducting direct marketing (the scope of data depends on the information voluntarily provided by the User and data concerning the User's activity recorded and stored via cookies) - on the basis of Article 6 (1) (f) of the GDPR, i.e. due to the fact that the processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator or by a third party;
  • sending commercial information by electronic means in accordance with Article 10 (2) of the Act on the provision of services by electronic means of 18 July 2002 (scope of data provided voluntarily by the User) — on the basis of a separately granted consent;
  • the use of telecommunications terminal equipment and automatic calling systems for direct marketing purposes in accordance with Article 172 of the Act of 16 July 2004 on Telecommunications Law (scope of data voluntarily provided by the User) — on the basis of a separate consent;
  • fulfillment of legal obligations incumbent on the Controller in connection with the conduct of business activities (scope of data voluntarily provided by the User) — on the basis of Article 6 (1) (c) of the GDPR, i.e. due to the fact that the processing is necessary to fulfill the legal obligation incumbent on the Administrator.

The rights

Each User may request:

  • access to your personal data,
  • rectification of personal data,
  • restriction of the processing of personal data,
  • erasure of personal data,
  • transfer of personal data,
  • withdraw your consent at any time, with the withdrawal of consent without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal,
  • lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.

In addition, any user may object to the processing of personal data. In order to exercise the above rights, the user should contact the Administrator by sending an e-mail to the following address: biuro@happy-island.pl. The administrator executes the user's request without delay to the extent provided for by the relevant legal provisions. Deletion, restriction, transfer and objection to the processing of data will have an impact on the services provided and may result in the inability to perform these services correctly. The Administrator ensures that the User's data are processed exclusively for the purpose of fulfilling the order or for other purposes on the basis of individually granted consents. The administrator shall consider the submitted request immediately, but no later than within 30 days from the moment of its receipt. However, if — due to the complicated nature of the request or the number of requests — the Administrator will not be able to consider the User's request within the aforementioned period, he will consider it within the next two months, informing the User in advance of the intended extension of the deadline. The Administrator informs about the rectification or deletion of personal data or restriction of processing carried out at the request of the User to each recipient to whom the personal data has been disclosed, unless this proves impossible or will require disproportionately high effort.

Cooperating entities

Depending on the processes related to the type of service, the Administrator may transfer data to the entities necessary for the correct implementation of the process. In the case of delivery of products, the data is transmitted to couriers or postal operators in order to carry out the delivery. In the case of customer service (inquiries and claims), the data is made available to entities providing support in the indicated scope.

Entrustment of processing

For the proper functioning of the website, it is necessary for the Administrator to use the services of external entities. The Controller uses only the services of such processors who provide sufficient guarantees of the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the Regulation and protects the rights of data subjects. The Administrator entrusts the processing of personal data to the following entities: service providers providing the Controller with technical, IT and organizational solutions (in particular computer software providers, e-mail and hosting providers) — the Administrator makes the collected personal data of the User available to the selected provider acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy. All entities to which the Controller entrusts the processing of personal data guarantee the use of appropriate measures of protection and security of personal data required by law. The Controller may be obliged to provide information collected by the Party to authorized bodies on the basis of lawful requests to the extent resulting from the request.

Automatic profiling

We inform you that the personal data processed are not subject to automatic profiling.

Protection of personal data

In order to minimize the risks associated with unauthorized access to personal data, we strive to ensure the proper level of privacy and security of your data. The tools we use have been selected to ensure adequate protection of the processing of personal data in accordance with the requirements of the law. The Controller carefully selects and applies appropriate technical measures, including of a technical and organizational nature, ensuring the protection of the processed data appropriate to the risks and categories of data protected, in particular protects the data against their disclosure to unauthorized persons, disclosure, loss and destruction, unauthorized modification, as well as against their processing in violation of the applicable regulations laws.

Change of privacy policy

  • The Administrator has the right to amend this document, about which the User will be notified in such a way as to enable him to familiarize himself with the changes before they enter into force, e.g. by posting relevant information on the main page of the Website, and in case of significant changes also by sending a notification to the e-mail address indicated by the User.
  • In case of objections of the User to the changes made, he may request the deletion of his personal data by the Administrator and stop using the Website. Your continued use of the Service after the publication or sending of a notice of changes to this document is considered to be your consent to the collection, use and sharing of your personal data according to the updated content of the document.
  • The Privacy Policy does not limit any rights granted to the User in accordance with generally applicable law.