Privacy policy

 

PRIVACY POLICY -
PROCESSING OF PERSONAL DATA (GDPR)
BY TTSWTRS

 

DICTIONARY

 1.1. TTSWTRS 

TTSWTRS UKRAINE 

TTSWTRS EUROPE - the legal entity, TTSWTRS EU DPR Sp. z o. o. with registered office in ul. Aleja Grunwaldzka nr 56, lok. 212, 213, kod 80-241, Gdansk, entered into the Register of Entrepreneurs under KRS number 0000966025, REGON 521811376, NIP  9522227121. 

TTSWTRS USA, CANADA, MEXICO - the legal entity, TTSWTRS Fashion Lab with registered office in 342 Hauser Blvd, Apt 216, Los Angeles, CA 90036, company number 202133610630. 

1.2.  Data Controller 

UKRAINE -  private entrepreneur,  Kovrykova Oksana, registration number of the taxpayer's registration card  

e-mail: customercare@ttswtrs.com

EUROPE, ASIA, AUSTRALIA  -  TTSWTRS EU DPR Sp. z o. o. with registered office in ul. Aleja Grunwaldzka nr 56, lok. 212, 213, kod 80-241, Gdańsk, entered into the Register of Entrepreneurs under KRS number 0000966025, REGON 521811376, NIP  9522227121.

e-mail: customercare@ttswtrs.com 

USA, CANADA, MEXICO  - TTSWTRS Fashion Lab  with registered office in 342 Hauser Blvd, Apt 216, Los Angeles, CA 90036, company number 202133610630.

e-mail: customercare@ttswtrs.com 

1.3. Personal Data – information about natural person, already identified or identifiable through one or several specific factors determining physical, physiological, genetic, psychological, economic, cultural or social identity, including image, voice record,  contact details, localization data, information included in the correspondence, information gathered with recording technology or other similar technology.

1.4. Policy – this Policy of processing private data. 

1.5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR). 

1.6. Data subject – natural person, who is a Customer or an Counterparty, to whom personal data processed by Administrator applies to

1.7. Customer – natural person, to whom the data processed by the Data Controller concern, who purchases goods in the Online Shop or/and uses services related to purchase of goods in Online Shop, also a natural person who is an employee, associate, person in charge etc. of legal person or entity without legal personality, to whom the data processed by the Data Controller concern, acting on behalf or for the benefit of person, who purchase goods in Online Shop or/and uses services related to purchase of goods in Online Shop.

1.8. Counterparty – natural person, to whom the data processed by the Data Controller concern, including natural persons who are employees, associates, people in charge etc. of legal person or entity without legal personality, that collaborates (e.g. provides goods to the Online Shop) or provides services for the Data Collector 

1.9. Online Shop – online platform under the address https://ua.ttswtrs.com/ (UKRAINE), https://ttswtrs.com/ (EUROPE, ASIA, AUSTRALIA),  https://us.ttswtrs.com/ (USA, CANADA, MEXICO) , which enables you to get acquainted with the offer of the Data Controller and through which a Customer can purchase goods from the Data Controller and which provides to a Customer other services related to purchase of goods.

 

PROCESSING OF PERSONAL DATA BY DATA CONTROLLER: 

2.1. Data Controller, due to running economic activity, gathers and processes Personal Data in accordance with relevant regulations of law, including especially GDPR, and rules of processing data specified in these regulations.

2.2. Data Controller:

 

2.2.1. provides clarity of data processing; 

2.2.2. always informs about processing data at the moment of gathering them, especially about purpose and legal grounds of personal data processing, unless he is not obliged to do so under separate regulations; 

2.2.3. cares for data being gathered only to the extent necessary for given purpose and processed only in necessary period. 

2.3. While processing data, Data Controller ensures its safety and confidentiality and access to information about processing to data subjects. If, despite application of safety measures, breach of personal data protection takes place (e.g. „data leak” or their loss) and such breach could bring high risk of violation of law or data subjects liberty, Data collector will inform subjects of data about such incident in accordance to legal regulations.

 

CONTACT WITH DATA CONTROLLER AND DATA PROTECTION OFFICER: 

3.1. Contact with Data Controller is possible through e-mail address: customercare@ttswtrs.com or correspondence address:

UKRAINE -  private entrepreneur,  Kovrykova Oksana,   

EUROPE -  TTSWTRS EU DPR Sp. z o. o., ul. Aleja Grunwaldzka nr 56, lok. 212, 213, kod 80-241, Gdańsk

USA, CANADA, MEXICO - TTSWTRS Fashion Lab, 342 Hauser Blvd, Apt 216, Los Angeles, CA 90036

3.2. Data Controller is not obliged to appoint Data Protection Officer Data Controller made an analysis involving this matter.

 

PERSONAL DATA SAFETY:

4.1. In order to provide data integrity and confidentiality, Data Controller implemented procedures enabling access to personal data only to authorized persons and only  in extent that is essential due to tasks that they perform. Data Controller applies organizational and technical solutions in order to ensure that all operations on personal data are registered and performed by authorized persons.

4.2. Data Controller takes all necessary actions to have his subcontractors and other cooperating subjects also guarantee implementation of appropriate safety measures in all circumstances of processing personal data on commission of Data Controller.

4.3. Data Controller makes up-to-date analysis of risk and monitors adequacy of applied data protection to identify threats.  In case of necessity Data Controller applies additional measures to increase data safety.

 

PURPOSES AND LEGAL GROUNDS FOR DATA PROCESSING:

5.1. Personal data of customers is processed in the following cases:

5.1.1. registration of account in Online Shop of Data. Purpose: creating individual account and managing it. Legal ground: processing is necessary for the performance of Account service (article 6 par. 1 letter b of GDPR);

5.1.2. realization of orders in Online Shop. Purpose: performance of purchase contract. Legal ground: processing is necessary for the performance of purchase contract (article 6 par. 1 letter b of GDPR);

  • using online payment service. Purpose: performance of purchase contract. Legal ground: processing is necessary for the performance of purchase contract (article 6 par. 1 letter b of GDPR); 

5.1.4. subscription of Information Bulletein (Newsletter). Purpose: information about products and offers. Legal ground: consent of the Data Subject to perform the contract for the provision of the Newsletter service (article 6 par. 1 letter a of GDPR); 

5.2. Personal data of Data Subjects is processed also in the following cases: 

5.2.1. e-mail and regular mail correspondence. In case of directing inquiries to the Data Controller via e-mail or regular mail related to purchase of goods to the sender or other contract entered with him, personal data included in this correspondence is processed only for communication and solving issue which correspondence refers to.

Legal ground for processing is legally justified interest of Data Collector (article 6 paragraph 1 letter f of GDPR) based on  correspondence that is directed to him regarding his economic activity.

Data Controller processes Personal Data important for the issue which correspondence refers to. Whole correspondence is stored in the way providing  safety of personal data (and other information) contained in it and disclosed only to authorized persons.

5.2.2. social media portals profiles. Data Controller has public profiles profile in social media
portals e.g. Instagram, Facebook.

Due to it they processes data left by people who visit these profiles (incl. comments, likes, online identifiers).

Personal Data of these people are processed:

- in order to enable them activity on these profiles;

- for effective running profiles, through presenting to users informative portals about initiatives and other activity of Data Controller and for promoting various events, services and products;

- for statistic and annalistic purposes;

- for promoting own brand and improving the quality of services provided.

Legal ground for processing Personal Data is legally justified interest of Data Controller (article 6 paragraph 1 letter f of GDPR).

ATTENTION: abovementioned information does not apply to processing personal data by Administrators of  social media portals (e.g. Instagram, Facebook).

5.2.3. processing personal data of Staff members of Data Subjects. Due to entering into contracts regarding running economic activity, Data Controller obtains data of people involved in performance of the agreement (e.g. persons authorized to contact, persons executing orders etc.)  from Data Subjects. The scope of the data transmitted is in any event limited to what is necessary for the performance of the agreement and normally does not include information other than the first name and surname and official contact details.

Such personal data are processed for realization of legally justified interest of Data Controller and his Contractor (article 6 paragraph 1 letter f of GDPR), based on enabling him to properly and effectively perform the contract. Such data may be disclosed to the third parties involved in performance of a contract.

Data are processed for the period necessary to realize abovementioned interests and fulfill legal obligations. 

5.2.4.  gathering data as a matter of business contacts. Due to running economic activity, Data Controller gathers personal data also in other cases - e.g. during business meetings or via exchange of business cards - for initiating and maintaining business contacts. Legal ground for processing data is in this matter justified interest of Data Controller (article 6 paragraph 1 letter f of GDPR) based on creating network of contact regarding running economic activity.

Personal data gathered in these circumstances are processed only for the purpose for which they were gathered - Data Controller guaranties their proper protection.

5.2.5. invoicing or billing for realisation of contract. For this purpose personal data is processed only to the extent necessary for invoicing or billing. Legal ground for processing is its indispensability to fulfill the contract (article 6 paragraph 1 letter b of GDRP). 

5.2.6. Vindication of claims related to fulfilment of contract. For this purpose personal data is processed only to the extent necessary for vindication of claims. Legal ground for processing is its indispensability to realize legally justified interest of Data Controller (article 6 paragraph 1 letter f of GDPR).

 

DATA RECIPIENTS:

SERVICE PROVIDERS

6.1. Due to running economic activity that requires processing of personal, personal data may be disclosed to external entities, including especially providers of IT and technical support services,  entities providing accounting services, postal operation, couriers, marketing or recruitment agencies, legal offices.

STATE AUTHORITIES

6.2. Data Controller reserves the right to disclose or provide given information about Subject of Personal Data to competent state authorities or third parties that request such data only on the basis of proper legal grounds and in compliance with the applicable provisions of the law.

6.3. Personal data will be also provided to competent state authorities, in particular to Courts, Prosecutors, Police, President of the Data Protection Office. (formerly: Inspector General for Personal Data Protection,), President of the Office for Competition and Consumer Protection and others that request such data from Data Controller.

 

DATA TRANSMISSION OUTSIDE THE EEA:

7.1. Level of protection of Personal Data outside the European Economic Area („EEA”) differs from the one guaranteed by European law. For this reason Data Controller transfers Personal Data  outsider het EEA only if it is necessary and with appropriate level of protection.

 

COOKIES, IP ADDRESSES. 

8.1. When you use an Online Shop, it automatically collects data about a Customer through small files called ‘cookies’. These files are saved by the Administrator on the terminal device of the person visiting the Online Shop, if the web browser has a function enabled to do so. A cookie file usually contains the domain name from which it comes, its "expiration time" and an individual, randomly selected number identifying this file. Information collected by means of such type of files helps the Data Collector to adjust products offered by them to individual preferences and actual needs of visitors at the Online Shop. They also provide the opportunity to develop general statistics of visits in the Online Shop. This data can be also collected by Google Analytics system – system of internet analytics, that gives an insight into the Online Shop data traffic and demographic data of people that visit the Online Shop, used to conduct marketing activities. Person who visits the Online Shop, that does not agree for functioning of Google Analytics system, should block cookies. 

8.2. The Data Controller uses two kinds of cookies files:

 - Session cookie - recorded information is deleted from the memory of a device after the end of a session of a given web browser or after a computer is turned off.

- Persistent cookies - remain in the memory of the end device until they are manually deleted by the browser user or until they expire

 

8.3. Cookies are used for: authentication of the Customer in the Online Shop and providing them with the Customer session in Online Shop (after logging into the Customer Account) and also for analysis and generate anonymous statistics.

8.4. The person who visits the Online Shop can turn off cookies mechanism in their browser in accordance with the manual provided by manufacturer of a browser. However Data Controller warns that blocking or removal of cookies may cause difficulties in the use of Online Shop and in some cases prevent the use of some of its options. 

8.5. Data Controller can collect IP addresses of people who visit the Online Shop. The IP address is the number assigned to the computer of the visitor of the Online Shop by the Internet Service Provider. The IP address is used by the Administrator in diagnosing technical problems with server, creating statistical analyzes, and also for safety reasons and presumptive identification of server-intensive, unwanted automatic programs for browsing the Online Shop.

 

PASSWORDS MANAGEMENT.

9.1. Data Collector assures safe and encrypted connection while sending personal data and while being logged to the customer's account in the Online Shop. 

9.2. In case that a Customer, that has an account in Online Shop has lost his account password, the Online Shop offers an option to generate a new password. The password is stored in an encrypted form in a way that prevents its reading by unauthorized people.

9.3. Data Controller does not send electronic correspondence with a request to provide login data, in particular an access password to the Customer's account.

 

PERIOD OF PERSONAL DATA PROCESSING:

10.1. The period of data processing by the Data Controller depends on the type of provided service and purpose of processing. The period of data processing may also be due to legal regulations, when they are grounds for processing. If the basis of processing is justified interest of the Data Controller – e.g. due to safety reasons – data is processed for a period enabling realization of this interest or until an effective objection regarding data processing is submitted. If data is processed on the basis of approval, data is processed until the approval is revoked. If the basis of processing is its indispensability to enter into a contract and fulfill it, the data is processed until contract termination.

10.2. The period of data processing may be extended  if processing is necessary to establish or assert claims or defend against claims; after this period - insofar as it is required by law. After this period of processing, the data are irrevocably deleted or anonymized.

 

RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA:

Subjects of Personal Data have a right to:

11.1. right to receive information about processing personal data – on this basis Data Controller provides to a natural person, who requests it, information about processing data, mainly including information about purposes and legal grounds of processing, scope of stored data, subjects whose data is being disclosed and planned date of data erasure.

11.2. right to obtain a copy of data – on this basis, the Controller provides a copy of processed data concerning a person who submits such a demand.

11.3. right to rectification – Data Controller is obligated to remove any non-compliance or errors in personal data processed and supplement them if they are incomplete.

11.4. right to erasure – on this basis you may demand to have your data, which processing is not necessary anymore to realize any of the purposes for which they were gathered, removed (erased).

11.5. The right to limit processing – in the event of such a request, Data Controller ceases to conduct operations on personal data, except for operations agreed to by the Data Subject and their storage, in accordance with accepted retention rules or until causes of data processing restrictions ceases (e.g. decision of  supervisory authority enabling further data processing is issued).

11.6. right to transfer your personal information – on this basis - in the scope in which the data is automatically processed in connection with the concluded agreement or given consent - Data Controller issues data provided by the data subject in a format that allows its reading by the computer. Demanding the transfer of such data to another subject is also possible, however, subject to the existence in this scope of technical possibilities both on the side of the Controller and also indicated entity.

11.7. right to object to processing data for the marketing purposes – Data Subject have the right to object at any time to processing their personal data for the marketing purposes; An objection within this scope does not need to include a justification.

11.8. Right to object to other data processing purposes - a data subject may at any time - on grounds relating to their particular situation - object  to processing personal data based on the Controller's legitimate interest (e.g. for analytical or statistical purposes or in view of safeguarding of assets); An objection within this scope should include a justification.

11.9. the right to revoke consent - if the data is processed under a granted consent, data subject is entitled to revoke it at any time which, however, will not affect the legality of the processing before the revocation of such consent

11.10. The right to file complaints - if you believe that our conduct in the processing of Personal Data violates GDPR or any other applicable laws, you can complain to the data-processing supervisory authority.

 

BRINGING DEMANDS RELATED TO THE EXECUTION OF RIGHTS:

12.1. A request about exercising the rights of Data Subjects may be filed:

- in writing to the following address or via e-mail at customercare@ttswtrs.com (pkt. 3.1.).

12.2. If the Collector will not be able to identify a person submitting the proposal basing on the submission he will seek supplementary information from the applicant. Indication of such data is not obligatory, however failure to indicate them shall result in refusal to realize the given demand.

12.3. Such a request may be made personally or through proxy. (e.g. family member). For reason of data safety, Data Controller encourages to use notarized proxy statement or an authorized legal counsel or attorney-at-law, which will significantly accelerate verification of the request's authenticity..

12.4. A reply to a request shall be sent within a month from the date of the receipt.
Where necessary to extend the period, the Data Controller shall advise the applicant of the causes of this action.

12.5. In case a request is directed to the Data Controller electronically, reply to it is provided in the same form, unless the requester asked for reply in other form. In other cases answer is provided by written means. If the deadline for the execution of the request renders it impossible to provide an answer in writing and the scope of the applicant's data processed by the Controller enables contact by electronic means, the answer shall be provided by electronic means.

12.6 Data Controller stores information about both the  request and the person who made it, in order to guarantee the possibility of proving conformity and in order to establish, defend or pursue eventual claims of Data Subjects. Database of requests is stored in a way providing integrity and confidentiality of contained data.

 

CHANGES IN THE POLICY OF PROCESSING PERSONAL DATA:

13.1. This Policy is reviewed on a regular basis and amended according to the needs.

13.2. The current version of the Policy has been in force since 19.06.2023.