Get an estimate
Privacy

Privacy policy

Hello,

If you reached this site you no doubt value your privacy. We understand it perfectly, which is why we present to you a document that bundles together the rules for personal data processing and for using cookies and other tracking technologies in connection with the operation of the Naturaily.com website.

Some formal details to begin with – the administrator of the site is Naturaily spolka z ograniczona odpowiedzialnoscia, ul. Ofiar Oswiecimskich 17, 50-069 Wroclaw, registered in the Register of Entrepreneurs of the National Court Register under number KRS 0000472548, whose register is kept by the District Court for Wroclaw-Fabryczna in Wroclaw, VIth Commercial Division of KRS, NIP: 8943047516, share capital of PLN 40,000.00.

This privacy policy has been designed in the form of Q&As. The above form was selected to provide the transparency and clarity of the presented information. Below you will find a list of questions this policy answers.

#1 Who is the controller of your personal data?

The controller of your personal data is Naturaily spolka z ograniczona odpowiedzialnoscia, ul. Ofiar Oswiecimskich 17, 50-069 Wroclaw, registered in the Register of Entrepreneurs of the National Court Register under number KRS 0000472548, whose register is kept by the District Court for Wroclaw-Fabryczna in Wroclaw, VIth Commercial Division of KRS, NIP: 8943047516, with a share capital of PLN 40,000.00.

#2 Who can you contact regarding the processing of your personal data?

As part of implementation of personal data protection measures within our organisation we have decided not to appoint a personal data protection officer because it is not mandatory in our circumstances. In matters related to the protection of personal data and privacy in general, you can contact us at rodo@naturaily.com.

#3 What information about you do we have?

Depending on the purpose, we can process the following information about you:

  • full name,
  • email,
  • email,
  • data included in the comment you submitted,
  • data included in any correspondence addressed to us.

We have described the scope of the processed data precisely for each processing purpose. The relevant information can be found later in this policy.

#4 Where did we get your personal data?

In most cases, you provide it to us yourself. It happens when you:

  • post a comment,
  • contact us.

#5 Is your data safe?

We protect the security of your personal data. We have analysed the risks associated with individual data processing operations and have implemented the appropriate security and personal data protection measures. We monitor on an ongoing basis the state of our infrastructure, train our staff, scrutinise the procedures used, and make the necessary improvements. If you have any questions about your personal data, we are at your disposal at rodo@naturaily.com.

#6 For what purposes do we process your personal data?

There are several purposes. Below you will find a list of purposes followed by a more detailed discussion. Next to each processing purpose we have indicated the relevant legal basis.

  • management of comments – Article 6(1)(a) GDPR,
  • management of correspondence – Article 6(1)(f) GDPR,
  • archiving for the purposes of potential need to establish, exercise and defend legal claims – Article 6(1)(f) GDPR.


Comments - details

You need to be a logged in user to submit a comment. You can log in using your account in: Facebook, Disqus, Twitter or Google. If you submit a comment after logging into your social media account, based on your prior authorisation, we will have access to certain data in your social media account (name, email address, profile picture). This data will be visible next to your comment.

The data provided in connection with submitting the comment will be processed for the purpose of posting the comment on the site. The basis for the processing is your consent (Article 6(1)(a) GDPR) resulting from the submission of a form used for the publication of the comment. You can revoke your consent at any timeby requesting that the comment be deleted.

Your comments will be publicly available on the site for the duration of its availability on the Internet, unless you request deletion of the comment in advance. You can also modify the content of your comment at any time.

Correspondence management - details

By contacting us, you naturally provide us with your personal information contained in the content of the message, in particular your email address and full name. The provision of data is voluntary, but necessary to make contact.

In this case, your data is processed for the purpose of contacting and you the legal basis for the processing is Article 6(1)(f) GDPR, that is our legitimate interest. The legal basis for post-contact processing is also our legitimate interest, that is archiving of correspondence to ensure that certain facts can be demonstrated in thefuture (Article 6(1)(f) GDPR).

The content of the correspondence may be archived and we are unable to clearly determine when it will be deleted. You have the right to request the history of your correspondence with us (provided it was archived) and to request its removal, unless its archiving is justified by our overriding interest, like defence against your potential claims.

Archive - details

In the above description of individual purposes of personal data processing, we have indicated the retention periods for personal data. These periods often result from our archiving of certain data for the purpose of ensuring that we can prove certain facts in the future (such as the correspondence exchanged) or for the purpose of defending, establishing or exercise of legal claims. In this regard we refer to our legitimate interest, as per Article 6(1)(f) GDPR.

#7 How long will we keep your personal data?

The retention periods have been indicated separately for each processing purpose. You will find this information in the details of each processing purpose.

#8 Who are the recipients of your personal data?

We will risk saying that modern business can’t do without third-party services. We also use such services. Some of them involve the processing of your personal data. The following are third-party service providers involved in the processing of your personal data:

  • hosting provider who stores data on the server,
  • provider of cloud computing service which we use to store back-up copies that may include your data,
  • provider of the CRM system in which we store your data in order to improve the customer service process and for archiving purposes,
  • law firm that obtains access to the data if it is necessary to provide legal services to us,
  • Slack platform provider – as regards using the messaging system in which personal data may be processed,
  • SmallChat provider – as regards using the chat in which your personal data may be processed,
  • software providers – as regards the use of systems involving access to personal data,
  • other subcontractors who obtain access to data if their scope of service requires such access.

In addition, if necessary, your personal data may be shared with entities, authorities or institutions entitled to access the data on the basis of legal provisions such as the police, security services, courts, public prosecutors.

What's more, we use tools that collect a lot of information about you related to your use of our website. In particular, this information includes:

  • information about the operating system and web browser you are using,
  • subpages viewed,
  • time spent on the site,
  • transitions between subpages,
  • clicks on individual links,
  • site from which you access our site,
  • your age bracket,
  • your gender,
  • your approximate location limited to town,
  • your interests based on your online activity.

In our opinion, the above information does not constitute personal data as such. Because this information is collected by third-party tools we use, it is also processed by the tool providers in accordance with their terms and privacy policies. As a general principle, this information is used to provide and improve services, manage them, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and to personalise the content and advertising displayed by individual services, websites and applications. We have made efforts to provide the relevant details later in this policy, as part of explanations regarding the various tools.

#9 Do we transfer your data to third countries or international organisations?

Yes, part of the processing of your personal data may involve their transfer to third countries.

We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. Providers of these tools guarantee an adequate level of protection of personal data through the relevant compliance mechanisms provided for by the GDPR, in particular by joining the Privacy Shield programme or using standard contractual clauses.

We also wish to remind you here that we use third-party tools that may collect anonymous information about you. We have already mentioned this on several occasions in this policy, including in the answer to the previous question. To store the information they collect, providers of these tools often use servers located around the world, especially in the United States of America (USA).

#10 Do we use profiling? Do we make automated decisions based on your personal data?

We do not make decisions regarding you based solely on automated processing, including profiling, that would have legal implications for you or that would materially affect you in any other way.

We do use tools that can take certain actions depending on the information collected through tracking mechanisms, but we believe that these actions do not have a significant impact on you because they do not impact your situation as a customer, do not affect the terms of the contract you may enter into with us, etc.

For example, we may use certain tools to target you with personalised ads based on past actions you have taken on our site or to suggest products that may be of interest to you. The above is referred to as behavioural advertising. We encourage you to learn more about behavioural advertising, especially regarding privacy issues. You can find detailed information and you can manage behavioural advertising settings at Youronlinechoices.com.

We emphasise that the tools we use do not give us access to information that would allow your identification. The information we refer to here includes in particular:

  • information about the operating system and web browser you are using,
  • subpages viewed,
  • time spent on the site,
  • transitions between subpages,
  • site from which you access our site,
  • your age bracket,
  • your gender,
  • your approximate location limited to town,
  • your interests based on your online activity.

We do not compile the information indicated above with your personal data stored in our databases. This information is anonymous and does not allow us to identify you. This information is stored on the servers of the providers of individual tools, and these servers can usually be located anywhere in the world.

#11 What rights do you have in relation to the processing of your personal data?

GDPR gives you the following rights related to the processing of your personal data:

  • right to access your data and obtain a copy thereof,
  • right to rectify (correct)your data ,
  • right to have your data erased (if you believe that there are no legal grounds for our processing of your data, you have the right to have your data erased),
  • right to restrict the processing of your data (you may request that we restrict the processing of your data solely to the storage of data or to the performance of operations agreed with you if you believe that we have incorrect data or we process them without a legal basis),
  • right to object to the processing of your data (you have the right to object to the processing on the basis of a legitimate interest; you should indicate to us your particular circumstances which, in your opinion, require our cessation of the processing objected to; we will stop processing your data for these purposes, unless we demonstrate that the legal bases for our processing override your rights or that we need your data to establish, exercise or defend legal claims),
  • right to data portability (you have the right to receive from us in a structured, commonly used machine-readable format the personal data that you have provided to us on the basis of a contract or your consent; you may have us transmit this data directly to another controller),
  • right to withdraw your consent to the processing of personal data, if you have previously given such consent,
  • right to lodge a complaint with the supervisory authority (if you find that we are processing data unlawfully, you may lodge a complaint with the President of the Office for Personal Data Protection or with another competent supervisory authority).

The principles concerning the exercise of the above-mentioned rights are described in detail in Articles 16–21 GDPR. We encourage you to familiarise yourself with these regulations. For our part, we think it necessary to explain to you that the rights indicated above are not absolute and you will not be able to exercise them with respect to all personal data processing operations.

We emphasise that one of the rights indicated above can be exercised at any time - if you think that we have breached the provisions on the protection of personal data when processing your personal data, you can lodge a complaint with a supervisory authority (the President of the Office for Personal Data Protection).

You can always request us to inform you about what data about you we have and for what purposes we are processing them. All you need to do is email us at rodo@naturaily.com. However, we have made our best efforts to give you a thorough presentation of any relevant information in this privacy policy. You can use the above e-mail address in case you have any questions regarding the processing of your personal data.

#12 Do we use cookies and what are they anyway?

Just like virtually any website, our site also uses cookies.

Cookies are small text files stored on your end device (e.g. computer, tablet, smartphone) that can be read by our ICT system (first-party cookies) or third-party information and communication systems (third-party cookies). Cookies may record and store certain information, which can then be accessed by ICT systems for certain purposes.

Some cookies used by us are deleted after the end of the session of your web browser, i.e. after its closure (so-called. session cookies). Other cookies are stored on your end device and allow us to recognise your browser the next time you access the website (persistent cookies).

Among other sites, you can find more information about cookies at Wikipedia.

#13 What is the legal basis for our use of cookies?

We use cookies based on your consent, except when cookies are necessary for the proper provision of an electronic service to you.

As regards your consent to cookies, we assume the option according to which you give such consent through the settings of your web browser or through additional software supporting cookie management. Our assumption is that you agree to all cookies used by us that are not blocked by your browser or by additional software that you use.

Please note that disabling or restricting the use of cookies may prevent you from using some of the features available on our website and may affect you browsing experience on our site as well as on many other websites that use cookies. For example, if you block social media plugin cookies, you may lose access to buttons, widgets and social features implemented on our website.

#14 Can you disable cookies?

Yes, you can manage your cookie settings within your web browser. You can block all or selected cookies. You can also block cookies from specific websites. You can also delete previously stored cookies and other website and plugin data at any time.

Web browsers also offer the ability to use incognito mode. You can use it if you don't want information about pages you've visited and files you've downloaded saved to your browsing and download history. Cookies created in incognito mode are deleted when all incognito windows are closed.

Cookies can also be managed by browser plugins such as Ghostery. Additional software, in particular antivirus packages, may also provide cookie management options.

In addition, online tools are available to control certain types of cookies, offering in particular collective management of behavioural advertising settings (e.g. Your Online Choices, Network Advertising).

Please note that disabling or restricting the use of cookies may prevent you from using some of the features available on our website and may affect you browsing experience on our site as well as on many other websites that use cookies. For example, if you block social media plugin cookies, you may lose access to buttons, widgets and social features implemented on our website.

#15 For what purposes do we use our own cookies?

Own cookies are used to provide you with a better browsing experience.

#16 What third-party cookies are used?

Our website uses the following third-party cookies:

  • Google Analytics,
  • Google Tag Manager,
  • Google AdWords,
  • Google Optimize,
  • LinkedIn Ads,
  • Twitter Ads,
  • Facebook Custom Audiences,
  • Smallchat,
  • Facebook, Twitter (social network cookies),
  • Disqus,
  • Hotjar.

Details regarding individual third-party cookies are described below.

Google Analytics - details

We use Google Analytics tools provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We perform the relevant activities based on our legitimate interest in creating statistics and analysing them in order to optimise our websites.

In order to use Google Analytics, we have implemented in our website code a special Google Analytics tracking code. The tracking code uses Google LLC cookies for Google Analytics. You can disable Google Analytics tracking code at any time by installing a Google-provided browser add-on.

Google Analytics automatically collects information about your behaviour on our website. The information collected in this way is most often transmitted to Google's servers, which may be located anywhere in the world and may be stored there.

As a result of IP anonymization we have activated, your IP address will be truncated before forwarding. Only in exceptional cases is the full IP address transmitted to Google's servers and truncated there. As a general rule, the anonymised IP address provided by your browser as part of Google Analytics is not combined with other Google data.

We wish to emphasise that while using Google Analytics we do not collect any data that would allow your identification. Therefore, the data collected as part of Google Analytics does not constitute personal data for us. The information we have access to through Google Analytics includes in particular:

  • information about the operating system and web browser you are using,
  • subpages that you view within our website,
  • time spent on our website and on its subpages,
  • transitions between subpages,
  • site from which you accessed our site.

In addition, we use the following Advertising Features as part of Google Analytics:

  • demographics and interest reports,
  • remarketing,
  • ad reporting functions, user-ID.

We also do not collect data as part of Advertising Functions. The information we have access to includes in particular:

  • your age bracket,
  • your gender,
  • your approximate location limited to town,
  • your interests based on your online activity.

Google Analytics and Google Analytics 360 are certified to ISO 27001 Independent Security Standard. ISO 27001 is one of the most widely recognised standardsin the world and certifies compliance of systems supporting Google Analytics and Google Analytics 360 with the relevant requirements.

You can find more details of Google's use of data from websites and apps that use Google services at Google Policies.

Google Tag Manager - details

We use the Google Tag Manger tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA that enables management of tags. Tags are small snippets of code thanks to which we can control traffic and user behaviour, collect information on advertising effectiveness and improve our site.

Although Google Tag Managerdoes not collect any personally identifiable information, it triggers other tags, which in turn may collect data.

Google AdWords - details

We use remarketing functions available in Google AdWords supported by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We perform the relevant activities based on our legitimate interest in marketing our own products or services.

When you visit our website, a Google remarketing cookie is automatically left on your device, which collects information about your activity on our website. Thanks to the information collected in this way, we are able to show you ads within the Google network depending on your behaviour on our website. For example, if you view a certain service, the relevant information will be recorded by a remarketing cookie, which will allow us to target you with an advertisement of that service or any other advert we deem appropriate. This ad will be displayed to you within the Google network when you use the internet, browse other websites, etc.

We emphasise that when using Google Ads we do not collect any data that would allow your identification. Any compilation of data in such a way that it becomes personal data may be made by Google, but we assume no responsibility for this, because Google carries out these activities on the basis of the contract concluded with you as a user of Google services.

By using Google AdWords, we are only able to define the audiences we want our ads to reach. Based on this, Google decides when and how it will show you our ad.

Further processing of information takes place only if you have consented to Google linking your browsing history to your account and using information from your Google account to personalise the ads that appear on websites. In such case, Google will use your data to create and define target audience lists for remarketing across devices. To do this, Google combines the temporarily collected information with other data they have to create target groups.

If you don't want to receive personalised ads, you can manage your ad settings directly in Google.

You can find more details about Google's use of data from websites and apps that use Google services in Google Partner Sites.

Twitter Ads – details

We use remarketing functions available in Twitter Adssupported by Twitter Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. We perform the relevant activities based on our legitimate interest in marketing our own products or services.

When you visit our website, a Twitter remarketing cookie is automatically left on your device which collects information about your activity on our website. Thanks to the information collected in this way, we are able to show you ads within the Twitter network depending on your behaviour on our website. For example, if you view a certain service, the relevant information will be recorded by a remarketing cookie, which will allow us to target you with an advertisement of that service or with any other advert we deem appropriate. This ad will be displayed to you within the Twitter network when you use the internet, browse other websites, etc.

We emphasise that when using Twitter Ads we do not collect any data that would allow your identification. Any compilation of data in such a way that it becomes personal data may be made by Twitter, but we assume no responsibility for this, because Twitter performs these activities on the basis of the contract concluded with you as a user of Twitter services.

By using Twitter Ads, we are only able to define the audiences we want our ads to reach. Based on this, Twitter decides when and how it will show you our ad.

Further processing of information takes place only if you have consented to Twitter linking your browsing history to your account and using information from your Twitter account to personalise the ads that appear on websites. In such case, Twitter will use your data to create and define target audience lists for remarketing across devices. To do this, Twitter combines the temporarily collected information with other data they have to create target groups.

If you do not wish to receive personalised ads, you can manage ad settings directly in Twitter.

You can find more details about Twitter's use of data from websites and apps that use Twitter services in Twitter Privacy Policy.

Facebook Custom Audiences – details

As part of the Facebook Ads system provided by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA, we use Custom Audiences to deliver targeted ad messages to specific groups of users. We carry out the above activities relying on our legitimate interest in marketing our own products or services.

In order to target personalised advertising to you based on your behaviour on our website, we have installed a Facebook Pixel on our website that automatically collects information about how you use our website. The information collected in this way is most often transmitted to Facebook's servers which may be located worldwide, in particular in the United States of America (USA).

The information collected as part of Facebook Pixel is anonymous, which means it does not allow your identification. Depending on your activity on our websites, you may be allocated to a specific audience, but we do not identify individual people in those groups in any way.

However, we wish to inform you that Facebook may combine the information we collect with other information about you collected as part of your use of Facebook and may use it for its own purposes, including marketing purposes. We have no influence on the above actions performed by Facebook and you can find more information about them directly in Facebook's privacy policy. You can also manage your privacy settings from your Facebook account. You will find some useful information in this regard in Facebook ads settings.

Smallchat – details

By using the Smallchat tool provided by Nicer Studio, 25 Draper St Greenville, South Carolina 29611, US we enable your conversations with us at any time on our website.

The chat script uses cookies to ensure proper functioning of the chat. You can disable chat cookies in your browser, but by doing so you will lose the possibility to communicate via chat.

As part of the cookies collected by Smallchat, we do not have access to information that would allow your identification. Smallchat collects the data contained in cookies for analytical purposes to improve its tool. More details on Smallchat rules, including privacy, can be found in Smallchat Privacy Policy.

Social tools – details

Our website uses plugins, buttons and other social media tools, collectively referred to as "plugins", provided by social networking sites such as Facebook or Twitter.

When you view our website that contains a plugin of a particular social network, your browser sends visit information to the administrator of that social network. Since the plugin is a part of the social network built into our site, the browser sends information about the request to download the content of the respective social network to our site.

Plugins collect certain information about you, such as your user ID, the website you visit, the date and time, and other information about your web browser.

Social network administrators use some of this information to personalise the viewing conditions of our website. For example, when you visit a page with a "Like" button, a social network administrator needs information about who you are to show you those of your friends who also like our site.

The information collected by plugins may also be used by social network administrators for their own purposes, such as improving their own products, creating user profiles, analysing and optimising their own activities, targeting advertisements. We have no real influence on how the information collected by plugins is then used by social network administrators. You can find the relevant details in the terms and conditions and in privacy policies of individual social networks.

Social plugins collect and transmit information to the administrators of these services even when you browse our website without being logged into your social network account. However, in such case the browser sends a more limited set of information.

If you have logged in to one of the social networks, the website administrator will be able to directly match your visit on our website to your profile on the respective social network.

If you do not want social networks to match the data collected during your visit to our website directly with your profile on a given service, you must log out of this service before visiting our website. You can also completely disable plugins on the website by using appropriate extensions for your browser, such as script blocking.

In addition, the use of certain plugins may involve posting of certain information on your social profiles. For example, your clicks on the "Like" button may be available on your Facebook Timeline. If you share any content on your social media using the plugins embedded in our site, such sharing will obviously be visible in your profile.

All the details related to the processing by the administrators of social networks of information collected by plugins, in particular the purpose and scope of data collection and their further processing and use by administrators, as well as contact channels, your data-related rights as well as the possible settings to ensure the protection of your privacy can be found in the privacy policies of individual service providers:

Disqus - details

Our website uses a third-party comment system, i.e. Disqus provided by Disqus, Inc., 717 Market St San Francisco, CA 94103, USA.

When you view a page containing comments supported by Disqus, Disqus sends one or more cookies to your device that identify your web browser. Disqus cookies ensure proper functioning of the comment system, in particular they improve the login process. Disqus cookies also collect information about how you use our website (e.g. the pages you visit, the links you click on) in order to analyse your activity and to personalise the content displayed to you within the Disqus system, including advertisements.

When displaying ads, Disqus uses technologies that support this process, such as Google, Polymorph and ServeBid, which can set cookies for marketing personalisation, linking ads to later activities or limiting how often individual ads are shown to you.

Please note that you use the Disqus comments system as Disqus user, based on the terms and conditions and Disqus privacy policy. Disqus is an independent, third-party provider of electronic services. You can find more details of Disqus terms of use and privacy policy, in the following documents provided directly by Disqus:

Hotjar - details

We use Hotjar to better understand your needs and to offer you a better user experience, which is our legitimate interest. The tool is provided by a third party - Hotjar Limited, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta.

Hotjar records each visitor to our website and allows us to play a video recording of your behaviour on our site, as well as generation of the so-called Heatmaps. As part of the Hotjar tool, we do not have access to information enabling your identification because Hotjar does not record the process of filling out forms. The information we have access to within Hotjar includes in particular:

  • information about the operating system and web browser you are using,
  • subpages viewed by you within our service,
  • time spent on our website and on its subpages,
  • transitions between individual subpages within our service,
  • source from which you access our service,
  • places you click with your mouse.

In order to use Hotjar, we have implemented in our website code a special Hotjar tracking code. The tracking code uses Hotjar Limited cookies. The informationcollected by cookies is stored by Hotjar in a pseudonymous user profile. Neither Hotjar nor we use this information to identify you.

You can object to Hotjar creating your user profile, Hotjar storing information about your use of our website and to using Hotjar cookies directly on Hotjar page.

More details related to the processing of data through Hotjar are available in the Hotjar privacy policy.

#17 Do we track you behaviour on our website?

Yes, we use Google Analytics, Google AdWords, Twitter Ads, Hotjar, LinkedIn Ads and Facebook Custom Audiences to collect information about your activitieson our website. These tools have been described in detail in the answer to the question about third-party cookies, so we will not repeat it here.

#18 Do we serve targeted advertising to you?

Yes, we use Twitter Ads, Facebook Ads, LinkedIn Ads and Google Ads, where we can serve ads to specific target groups based on different criteria such as age, gender, interests, occupation, work, or previous activities on our site. These tools have been described in detail in response to the question about third-party cookies, so we will not repeat it here.

#19 How can you manage your privacy?

The answer to this question can be found in many places of this privacy policy devoted to individual tools, behavioural advertising, consent to cookies, etc. Nevertheless, for your convenience, we have gathered this information again in one place. Below you will find a list of options for managing your privacy.

#20 What are server logs?

Using a site involves sending queries to the server on which the site is stored. Each request to the server is stored in the server logs.

Among other things, logs include your IP address, the date and time of the server, information about your web browser and the operating system you are using. Logs are saved and stored on the server.

The data stored in the server logs is not associated with specific users of the website and is not used by us to identify you.

Server logs are only supporting material for administering the site and their content is not disclosed to anyone other than authorised server administrators.

#21 Is there anything else you should know?

As you can see, processing of personal data, the use of cookies and managing privacy in general are quite complicated. We have made every effort to ensure that this document gives you the most comprehensive knowledge on the relevant issues. If anything is unclear to you, you would like to learn more or just talk about your privacy, please email us at rodo@naturaily.com.