Skip to content

PRIVACY AND COOKIES POLICY

This Privacy Policy sets out the rules for the processing of Users’ personal data and is an appendix to the EDEN Regulations, which constitute the rules for the provision of electronic services on the EDEN Platform. All terms included in this Privacy Policy shall be interpreted in accordance with the provisions of the Regulations, unless a different meaning is expressly indicated in the Privacy Policy. The Privacy Policy takes into account the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “RODO”, as well as the provisions of Polish legal acts, including the Act of 10 May 2018 on the protection of personal data, the Act of 18 July 2002 on the provision of services by electronic means.

I. General provisions

1. The administrator of the personal data collected via the www.oureden.io Platform is: EDENAPP LLC with registered office in Wrocław (address: Dmowskiego Street 3/9, 50 – 203 Wrocław), entered in the Register of Entrepreneurs kept by the District Court for Wrocław Fabryczna in Wrocław, VI Economic Department of the National Court Register, under KRS number: 0001025484, REGON No.: 524775094, NIP No.: 8982290764, share capital: 10 000.00 PLN. All statements should be addressed exclusively to this entity.

2. Contact with the Administrator is possible by email: hello@oureden.io

3. Definitions:
1) Cookies – means computer data, in particular small text files, recorded stored on the devices through which the User accesses the Website
2) Personal data – information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person;
3) User – means an entity to whom electronic services may be provided in accordance with the law, or with whom an Agreement for the provision of electronic services or a Distance Selling Agreement may be concluded;
4) Profiling – means any form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyse or predict aspects relating to that individual’s performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
5) Processing – means an operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
6) Website / Platform – means the website operated by the Service Provider at www.oureden.io through which it is possible to use the Services;
7) Terms and Conditions – the document made available on the Website, setting out the terms and conditions of use of the Website and the terms and conditions of use of the Platform.
8) Suppliers – external entities that provide or may provide content available on the Service, including a payment provider.

II. Legal basis and purposes of the processing of your data

1. Personal data collected by the Administrator shall be processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter “RODO”), the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2019, item 1781) and the Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2020, item 344). 2. The Administrator processes the personal data provided or made available by the User in connection with the use of the Website, for the purposes of:
    1) to conclude and perform the agreement for the provision of services by electronic means and to ensure the functionality of the Website (scope of data: name, surname, company, VAT number, address in the form of street, serial number, postal code, city and country, IP address, e-mail address, telephone number and other necessary data on the Device used by the User – on the basis of Article 6(1)(b) of the RODO, i.e. due to the fact that the processing is necessary for the performance of the agreement to which the data subject is a party.
    2) informing Users about issues related to the functioning of the Service (scope of data: e-mail address, telephone number, data of the Device used by the User) – on the basis of Article 6(1)(b) and (f) RODO, i.e. due to the fact that the processing is necessary for the performance of a contract to which the data subject is a party, as well as for the performance of purposes resulting from the legitimate interests pursued by the Administrator or by a third party,
    3) to assert claims and protect rights (data scope: as in paragraph 1 and any data obtained from the User necessary to prove the existence of a claim or to defend rights) – on the basis of Article 6(1)(f) RODO, i.e. due to the fact that the processing is necessary for purposes stemming from the legitimate interests pursued by the Administrator or by a third party,
    4) fulfilment of legal obligations incumbent on the Administrator in connection with the running of the business (scope of data: any data obtained from the User) – on the basis of Article 6(1)(c) of the RODO, i.e. due to the fact that the processing is necessary for the fulfilment of a legal obligation incumbent on the Administrator,
    5) to carry out its own marketing and promotional activities (scope of data: any data obtained from the User) – on the basis of Article 6(1)(f) RODO,
    6) to carry out marketing and promotional activities on the basis of a separately granted consent (Article 6(1)(a) RODO),
    7) sending commercial information by electronic means in accordance with Article 10(2) of the Act on the provision of services by electronic means of 18 July 2002 (Journal of Laws of 2017, item 1219 as amended), including the sending of notifications (scope of data: as in paragraph 2 and any data obtained from the User) – on the basis of a separately granted consent (Article 6(1)(a) RODO).

III. Data collected by the service administrator

1. The Service Administrator collects or may collect the following personal data through the Service or direct contact from the User:
    1) identification data (name, surname, company, VAT number, address)
    2) contact details (e-mail address, telephone number),
    3) details of the device you are using (IP address, device type, device make, device model, device name, device language, device location and configuration),
    4) data relating to the User’s use of VPN software or a Device with a modified operating system;
    5) other data voluntarily provided by the User in the course of his/her contact with the Administrator, including data concerning his/her Device, correspondence data and other data not mentioned above.
2. Viewing the content of the Website does not require the provision of personal data other than automatically acquired information about your connection parameters.

3. As part of the registration on the Website, the Administrator collects the following personal data:
    1) Name;
    2) Email address,
    3) other necessary data about the Device used by the User.
4. As part of the payments made towards the use of the Services available on the Website, and in particular towards the purchase of a Physical Product or an Electronic Product by the User, the Administrator uses a Payment Provider that processes the data necessary to complete the transaction according to its own privacy policy.

IV. Profiling of collected data

1. The Administrator stipulates that he and the Suppliers may use profiling to process personal data, in particular for the purposes of direct marketing of their own products and services.

V. Duration of processing of personal data

1. Personal data will be processed for a period of:
    1) necessary for the performance of the agreement for the provision of services by electronic means set out in the Terms of Service, concluded through the Website, including after its performance due to the possibility for the parties to exercise their rights under the agreement, as well as due to possible debt recovery – until the expiry of the limitation period for claims;
    2) until such time as you withdraw your consent or object to the processing of your data – in cases where your personal data are processed on the basis of a separate consent;
2. The Administrator shall also store Users’ personal data where this is necessary to comply with its legal obligations, resolve disputes, enforce User obligations, maintain security, prevent fraud and abuse.

VI. User rights

1. The Administrator shall ensure that the Users exercise the rights referred to in paragraph 2 below. In order to exercise the rights, an appropriate request (relevant request) should be sent by e-mail to: hello@oureden.io 2. The user has the right to:
    1) access to the content of the data – in accordance with Article 15 RODO,
    2) to rectify/update the data – in accordance with Article 16 RODO,
    3) deletion of data – in accordance with Article 17 RODO,
    4) Restriction of data processing – in accordance with Article 18 RODO,
    5) data portability – in accordance with Article 20 RODO,,
    6) to object to the processing of your data – in accordance with Article 21 RODO,
    7) to withdraw the consent given at any time, whereby the withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal – pursuant,
    8) to lodge a complaint with the supervisory authority, i.e. the President of the Office for the Protection of Personal Data – in accordance with Article 77 of the RODO.
3. The Administrator shall consider the submitted requests without undue delay, but no later than within one month of their receipt. However, if – due to the complicated nature of the request or the number of requests – the Administrator will not be able to consider the User’s request within the indicated time limit, it shall inform the User about the intended extension of the time limit and indicate a time limit for the consideration of the request, however not longer than 2 months.

4. The controller shall notify the rectification or erasure of the personal data or the restriction of the processing it has carried out in accordance with the User’s request to any recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort.

VII. The need to transmit data

1. The provision of personal data via the Website is voluntary, but necessary if the User registers or uses the Services set out on the Website, as part of the conclusion of a Sales Contract or a Digital Content Delivery Contract.

2. Where the provision of personal data occurs for the purpose of entering into a contract with the Administrator, it is a condition for the conclusion of the contract. The provision of personal data in this situation is voluntary, but the consequence of failing to provide such data will be the impossibility of concluding a contract with the Administrator.

VIII. Release of information

1. In order to perform the contract, the Administrator may share the data collected from Users with entities including: employees, collaborators, entities providing legal services and IT services to the Administrator and Suppliers. In addition, the Administrator shall make the collected personal data available to the entity with which it has entered into an agreement on the entrustment of personal data processing.

2. In such cases, the amount of data provided is limited to the necessary minimum. In addition, the information provided by users may be made available to the competent public authorities, limited to situations where this is required by applicable law.

3. To recipients not mentioned above, the personal data processed shall not be made available externally in a form that would allow any identification of Users, unless the User has consented to a specific release of data.

IX. Technical measures

1. The Administrator shall make every effort to secure the Users’ data and protect it from the actions of third parties, and shall perform data security monitoring throughout the period of ownership in a manner that ensures protection against unauthorised access, damage, distortion, destruction or loss of data.

2. The Administrator applies the necessary security measures for servers, connections and the Website. However, the measures taken by the Administrator may not be sufficient if Users fail to comply with the security rules.

X. Transfer of personal data outside the European economic area

1. Users’ personal data is not transferred to countries outside the EEA. The Administrator uses servers to store the data located in countries belonging to the EEA.

2. The Administrator stipulates that Suppliers may process and transfer personal data outside the European Economic Area.

XI. Processors of data on behalf of the controller

1. Users’ personal data may be entrusted for processing on behalf of the Administrator to portals that support the Administrator’s marketing campaign. Each processor is obliged to take care of the security of the processing and to comply with the principles of processing your personal data to the same extent as the Administrator.

XII. Cookies

1. The Administrator uses cookies and similar technologies to operate the Website for general traffic analysis, marketing analysis and direct marketing purposes.

2. When using the Website, small files are stored on the User’s device, in particular text files, which are used to remember the User’s decisions, maintain the User’s session, remember the data entered, collect information about the User’s device and his/her visit for security purposes, as well as to analyse visits and adapt content.


3. Cookies do not contain any data identifying a User, which means that it is not possible to establish a User’s identity from them. The cookies used by the Website are not in any way harmful to the User or the device and do not interfere with the User’s software or settings.


4. The cookie system does not interfere with the operation of the User’s computer and can be deactivated.


5. The user has the option to set the browser to block certain types of cookies and other technologies by specifying the permissible extent of information collection.


6. By using the website without changing your browser settings, i.e. accepting cookies and similar technologies by default, you consent to their use for the purposes set out in this Privacy Policy.


7. The Administrator informs that in the event that the files are necessary for the operation of the Platform, limiting their use may make it impossible to use the services of the Platform.


8. The browser settings of the Users’ device should allow cookies to be saved and should allow them to give their consent by clicking on the “ok” option in the window that appears after accessing the Platform with the information: “This website uses cookies to ensure the correct provision of services. By continuing to use the site, you agree to their use – these files will be stored on your device.”


9. The administrator uses cookies in the following ways:

FILE NAME
DESCRIPTION OF THE PURPOSE OF THE FILE
ORIGIN OF THE FILE
TYPE
PERIOD OF OPERATION
GA
This file has the function of providing information about the user’s session
http
1 hour/session
FILES STORED IN THE SESSION MEMORY OF THE WEB BROWSER
USER
User ID of the logged-in user

10. Suppliers, including payment providers, may process User data and collect cookies based on the User’s separately granted consent. The Administrator stipulates that Providers may use cookies and similar technologies for, among other things, analytical, advertising or affiliation purposes.

11. The Administrator may also use the services of Google Analytics and other Providers, including social networks for traffic analysis and affiliate connections. These analytical and marketing tools store information in cookies in order to generate statistics on the traffic of our Service and to establish affiliate connections. These functions are necessary for browsing, and monitoring the performance of the Service, as well as disseminating and improving it. When using these tools, we do not process personal data or other identifiers leading to the indirect identification of data subjects. However, the Administrator stipulates that your personal data may be processed by the Providers of these services, based on the privacy policies provided by them.

XIII. Revision of the privacy and cookies policy

1. The Administrator is entitled to amend this document, of which the User will be notified in a way allowing him/her to become acquainted with the changes before they come into force, e.g. by posting appropriate information or sending a notification to the e-mail address indicated by the User. changes come into force, e.g. by posting relevant information on the Website or by sending a notification to the e-mail address indicated by the User.

2. If the User objects to the changes made, he/she may request the deletion of his/her personal data on the Service. Continued use of the Service after the publication or sending of a notification of changes to this document shall be deemed to be consent to the collection, use and sharing of the User’s personal data according to the updated content of the document.

3. This document does not limit any of your rights under generally applicable law.