1. Introduction

IrisKrakow (referred to as “We, “Our” or “Us”), is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our customers and users of our products that communicate (online or offline) with us, in store, events, over the phone, through our mobile applications, websites and social media platforms.
We have therefore developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.
Throughout this document we refer to Data Protection Legislation which means the Regulation (EU) 2016/679 and accompanying acts, Personal Data Protection Office Poland, all the foregoing as amended from time to time, and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people of the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
IrisKrakow is the controller for the personal information we process, unless otherwise stated.
You can contact us either by email.
Our Data Protection Officer is: Siyabonga Mofele
Email: contact@iriskrakow.com

2. The information we collect and when

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect on you, and you voluntarily provide to us on iriskrakow.com may include some or all of the following:
• Your name
• Address
• Telephone number(s)
• Email address
• Survey responses
• IP address
We may, in further dealings with you, extend this personal information to include your address, purchases, services used, and subscriptions, records of conversations and agreements and payment transactions [etc etc].
• You are under no statutory or contractual requirement or obligation to provide us with your personal information; however we require at least the information above in order for us to deal with you as a service user in an efficient and effective manner.
• The legal basis for processing your data is based on compliance with a legal obligation, your interest and our legitimate interest that we will have requested at the point the information was initially provided, therefore we will not store, process or transfer your data unless we have an appropriate lawful reason to do so.

3. How we use your information

• To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
• Make available our products and services to you;
• Process your orders;
• Take payment from you or give you a refund;
• Personalise your shopping experience, for example we may provide you with details of products that match a product, which you may have purchased or enquired about previously;
• For statistical analysis and to get feedback from you about our products, websites, mobile apps, and other services and activities. For example, occasionally we may invite you to review a product or service you’ve bought or used from us. If we do, it’s possible that we’ll use independent research and feedback providers to act on our behalf;
• To power our security measures and services so you can safely access our website and mobile apps;
• Help us understand more about you as a customer, the products and services you consume, so we can serve you better;
• Contact you about products and services from us;
• Provide you with online advertising and promotions; and
• Help answer your questions and solve any issues you have.

4. Who we might share your information with

We may share your personal data with other organisations in the following circumstances:
• If the law or a public authority says we must share the personal data;
• If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or
• From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
• We will not share your information with any third parties for the purposes of direct marketing.
• We use data processors who are third parties to provide elements of services for us. We have Data Processor Agreements in place with our data processors. This means that they process your personal information . They may only share your personal information with other organisations apart from us or further sub-processors if we have provided them with prior written consent for this sharing. In addition, these other organisations must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct.

5. How we keep you updated on our product and services

We will send you relevant offers and news about our products and services in a number of ways including by email, but only if you have previously consented to receive these marketing communications. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online, over the phone or in writing at any time.
If you wish to amend your marketing preferences, please contact us as set out below.

6. Your rights over your information

6.1 The right to be informed about our collection and use of personal data
You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website policy. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
6.2 Right to access your personal information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and we will respond without delay and within one calendar month of receipt of your request .
We may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information. Please note that the time limit for fulfilling your request does not start until we have been able to verify your identity.
If you would like to exercise this right, please contact us as set out below.
6.3 Right to correction your personal information
If any of the personal information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out below.
6.4 Right to stop or limit our processing of your data
You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
6.5 Right to Erasure
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
6.6 Right to portability
The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used and machine readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.
If you would like to exercise this right, please contact us as set out below.
6.7 For more information about your privacy rights
Poland Personal Data Protection Office or Urząd Ochrony Danych Osobowych regulates data protection and privacy matters in Poland. They provide information accessible to consumers on their website https://uodo.gov.pl

7. How long we keep your information

We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with Regulation (EU) 2016/679 and accompanying acts and never retain your information for longer than is necessary. Unless otherwise required by law, your data will be stored for a period of 2 years after some other identifiable action or period, at which point it will be deleted.

8. Giving your reviews and sharing your thoughts

When using iriskrakow.com, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.

9. Security

Data security is of great importance to Iris Krakow and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.
We take security measures to protect your information including:
• Limiting access to our buildings to those that we have determined are entitled to be there (by use of passes, key card access and other related technologies);
• Implementing access controls to our information technology
• We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, offices and stores.
• Never asking you for your passwords;
• Advising you never to enter your account number or password into an email or after following a link from an email.

10. What happens if our business changes hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the purposes for which it was originally collected by us.

11. Changes to our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this policy regularly to keep up-to-date.

12. How to contact us

Siyabonga Mofele
Email: contact@iriskrakow.com
Thank you for taking the time to read our Privacy Policy.