This Privacy Policy sets out the principles of collecting, processing, and using personal data by the online store https://cushionsclub.shop, hereinafter referred to as "the Store".
The store is owned by MOODI LLC, hereinafter referred to as "the Data Controller".
Please familiarize yourself with our Privacy Policy, and if you have any questions or concerns, send us an email at info@cushionsclub.shop

PERSONAL DATA CONTROLLER ("Data Controller")

The controller of your personal data collected through the Store is the Store's owner: MOODI limited liability company, located at Górna 21j, 05-077 Zakręt, registered in the Register of Entrepreneurs kept by the District Court for Warsaw, under KRS number 0000966839, with tax identification number NIP: PL5322099225 and REGON: 521810780. The share capital: 5000 PLN fully paid.
The Administrator pays special attention to respecting the privacy of the Store's Customers. The data provided by Customers and data collected automatically are used only for the purposes indicated in this Privacy Policy.

Processing of Personal Data

The Administrator processes data obtained through the online Store's website in accordance with the applicable law, especially with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR".

Purposes of Processing

The Data Controller processes personal data for the following purposes:
- to perform the sales contract and the contract for the provision of electronic services or to take actions at the request of the person concerned before concluding the above contracts, (legal basis: Art. 6 (1) (b) GDPR)
- for accounting documentation including issuing invoices, (legal basis: Art. 6 (1) (c) GDPR)
- to establish, pursue or defend claims that may be raised by the Administrator or which may be raised against the Administrator. (legal basis: Art. 6 (1) (f) GDPR)
- sending a newsletter (Newsletter) containing commercial information about promotions and new products available in the Store. (legal basis: Art. 6 (1) (a) and (f) GDPR)
- informing about product availability at the customer's request (legal basis: Art. 6 (1) (a) and (f) GDPR)
- providing responses to inquiries sent through the form (legal basis: Art. 6 (1) (a) GDPR)
- transferring your personal data to PayU S.A. and PayPal ("Bank") in connection with:
a. provision by the Bank of the service of providing infrastructure for Internet payments on behalf of the online store (legal basis: Art. 6 (1) (f) Regulation).
b. handling and settlement by the Bank of payments made by online store customers via the Internet using payment instruments (legal basis: Art. 6 (1) (f) Regulation).
c. for the purpose of verifying by the Bank the proper performance of contracts concluded with the online store, in particular to ensure the protection of payers' interests in connection with their complaints (legal basis: Art. 6 (1) (f) Regulation).
- conducting satisfaction surveys and collecting opinions about the store and products
Processing your personal data for the purposes specified above will take place in connection with the existence of a legally justified interest pursued by the online store.

Providing Data and the Consequences of Not Providing It.

Providing data is voluntary, but in some cases, it may be necessary. The need to provide data occurs in the following cases:
- concluding contracts with the Administrator (sales contract, service contract regarding account registration). Failure to provide personal data necessary to conclude and perform a sales contract or a service contract regarding registration and account management results in the inability to conclude these contracts. In such a case, providing personal data is a contractual requirement,
- due to statutory obligations of the Administrator i.e., providing personal data is a statutory requirement resulting from generally applicable laws imposing on the Data Controller the obligation to process personal data. Such obligation includes processing personal data for the purpose of keeping accounting books. Failure to provide personal data will result in non-fulfillment of the above obligations.
- sending a newsletter (Newsletter) containing commercial information about promotions and new products available in the Store - failure to provide personal data necessary for the purpose of sending the Newsletter will result in the inability to send the Newsletter.
- informing about product availability at the customer's request – failure to provide necessary data to inform about product availability will result in the inability to inform about product availability.
- providing responses to inquiries sent through the form – failure to provide necessary data to respond to an inquiry through the contact form will result in the inability to send the

inquiry and the inability to provide a response.

- in the case of transferring your personal data to the Bank in connection with the handling and settlement of payments made by you to the online store via the Internet using payment instruments, providing data is required to execute the payment and to send confirmation of its completion by the Bank on behalf of the online store.
- in the case of transferring your personal data to the Bank for the purpose of verification by the Bank of the proper execution of contracts concluded with the online store, especially to ensure the protection of payers' interests in connection with their complaints, providing this data is required to enable the execution of the contract concluded between the online store and the Bank.

Scope of Personal Data Processing

- For the purpose related to the execution of the sales contract and the contract for the provision of electronic services, or to take actions at the request of the person concerned before concluding the above, the scope of processed data includes: first name, last name, email address, contact phone number, address (street, house/apartment number, postal code, city, country), delivery address (street, house/apartment number, postal code, city, country), and payment information. In the case of Clients who are not Consumers, the Data Controller may additionally process the business name and tax identification number (NIP),
- For the purpose of maintaining accounting books, the scope of processed data includes: first name, last name, residential/business address, business name, and tax identification number (NIP),
- For the purpose of establishing, pursuing, or defending claims, the scope of processed data includes: first name, last name, email address, contact phone number, address (street, house/apartment number, postal code, city, country), delivery address (street, house/apartment number, postal code, city, country). In the case of Clients who are not Consumers, the Data Controller may additionally process the business name and tax identification number (NIP),
- For the purpose of sending the Newsletter: the customer's first and last name and email address,
- For the purpose of informing about product availability, the scope of processed data includes: email address,
- For the purpose of providing responses to inquiries sent via the form: first and last name, email address, phone number,
- For the purpose of conducting satisfaction surveys and collecting opinions about the store and products: first and last name, email address, phone number, contact details, like address and the scope of the order.

Processing Period

Data is deleted/stored in accordance with commercial and tax requirements. The Data Controller stores personal data for a period that depends on the purpose for which they are processed. For processed data, this period is as follows:
- For the purpose related to the execution of the sales contract and the contract for the provision of electronic services, data are stored for the period necessary to perform, terminate, or otherwise expire the contract,
- For the purpose of maintaining accounting books, data are stored for the period required by law that mandates the Data Controller to keep accounting books (5 years, counting from the beginning of the year following the financial year to which the data relate),
- For the purpose of establishing, pursuing, or defending claims, data are stored for the period of the existence of a legally justified interest pursued by the administrator, but no longer than the period of limitation of claims against the person to whom the data relate, due to the business activity conducted by the administrator. The period of limitation is defined by legal provisions, especially the Civil Code (the basic term for claims related to business activities is 3 years, and for sales contracts 2 years),
- For the purpose of sending a newsletter (Newsletter) containing commercial information about promotions and new products available in the Store, until the withdrawal of consent to receive the Newsletter – no longer than 2 months from the resignation from receiving the newsletter,
- For the purpose of informing about product availability: for the period necessary to execute, terminate, or otherwise expire the contract for the provision of electronic services,
- For the purpose of providing responses to inquiries sent via the form – no longer than two months from the moment of providing a response.

Data Security

Considering the nature, scope, context, and purposes of processing as well as the risk of violation of rights or freedoms of natural persons with varying likelihood and severity, the Data Controller implements appropriate technical and organizational measures to ensure the processing complies with the law. These measures are reviewed and updated as necessary. The Administrator applies technical, organizational, and physical measures to prevent unauthorized persons from acquiring and modifying personal data transmitted electronically, including the use of SSL certificate encryption.

Rights of the Data Subject

In situations where the Data Controller processes your personal data, you have the following rights:
- The right to access the contents of your personal data, their correction, deletion, or restriction of processing, including for the marketing of MOODI LLC's own products, as well as the right to object to their processing, and the right to data portability,
- The right to lodge a complaint with the supervisory authority – a person whose data is processed by the Administrator has the right to lodge a complaint with the supervisory authority if they believe that the processing of their personal data violates the applicable data protection regulations. The supervisory authority is the President of the Personal Data Protection Office.
If the processing of your personal data is based on consent, you have the right to withdraw such consent at any time. Withdrawal of consent does not affect the processing of data before the withdrawal of consent nor the legal basis of such processing.
To exercise the aforementioned rights, please contact us by sending a written message to the Data Controller's address.

TECHNOLOGIES

The Administrator uses the following technologies to monitor actions taken by

you within the Store:
1. Facebook conversion pixel – to manage ads on Facebook and conduct remarketing activities,
2. Google Analytics tracking code – to analyze the Store's statistics. Google Analytics uses its own cookies to analyze the actions and behaviors of the Store's Users. These files are used to store information, e.g., from which page the User came to the current web page. They help improve the Site.
To use the website https://cushionsclub.shop, it is necessary to have:
1. A device with Internet access,
2. An active email inbox that can receive messages,
3. A web browser that allows displaying web pages.

COOKIE POLICY

1. The Store does not automatically collect any information, except for information contained in cookies.
2. Cookies (so-called "cookies") are computer data, in particular, text files, which are stored in the Store User's end device and are intended for use with the Store's websites. Cookies usually contain the name of the website they come from, the storage time on the end device, and a unique number.
3. The entity placing cookies on the Store User's end device and accessing them is the Store's operator.
4. Cookies are used for the following purposes:
- to adjust the content of the Store's websites to the User's preferences and to optimize the use of websites; in particular, these files allow recognizing the Store User's device and properly displaying the web page, tailored to his individual needs;
- to create statistics that help understand how Store Users use websites, which allows improving their structure and content;
5. Within the Store, two main types of cookies are used: "session" (session cookies) and "persistent" (persistent cookies). "Session" cookies are temporary files that are stored on the User's end device until leaving the website or turning off the software (web browser). "Persistent" cookies are stored on the User's end device for the time specified in the cookies parameters or until they are deleted by the User.
6. Within the Store, the following types of cookies are used:
- "essential" cookies, enabling the use of services available within the Store, e.g., authentication cookies used for services requiring authentication within the Store;
- cookies used to ensure security, e.g., used to detect fraud in the authentication within the Store;
- "performance" cookies, enabling the collection of information on how the Store's web pages are used;
- "functional" cookies, enabling "remembering" the settings selected by the User and personalizing the User interface, e.g., in terms of the selected language or region from which the User comes, font size, website appearance, etc.;
- "advertising" cookies, enabling users to provide advertising content more tailored to their interests.
7. In many cases, the software used for browsing websites (web browser) by default allows storing cookies on the User's end device. Store Users can change cookies settings at any time. These settings can be changed in such a way as to block the automatic handling of cookies in the web browser's settings or inform about their placement on the Store User's device each time. Detailed information about the possibilities and ways of handling cookies is available in the software settings (web browser).
8. The Store operator informs that restrictions on the use of cookies may affect some functionalities available on the Store's websites.
9. Cookies placed on the Store User's end device may also be used by advertisers and partners cooperating with the Store's operator.
10. More information about cookies is available at www.allaboutcookies.org or in the "Help" section in the internet browser's menu.
External Services / Data Recipients
The Data Controller cooperates with external entities to ensure the proper functioning of the online store. In connection with the processing of personal data for the purposes indicated above, your personal data may be transferred to other recipients or categories of personal data recipients:
- carriers dealing with courier deliveries and entities operating platforms to support shipping management.
- payment system operators providing payment handling, which may include:
a) mBank S.A.
b) PayU S.A.
c) PayPal
- entities providing accounting, IT, technical services, in particular, suppliers of computer software for running an online store and hosting,
- manufacturers for the purpose of direct shipment of goods to customers.

CONTACT WITH THE ADMINISTRATOR

If you have any questions or concerns, please contact us by sending an email to: info@cushionsclub.shop
The Administrator reserves the right to make changes to the Privacy Policy. On the day of making changes, we update the date of the last amendment provided below.