cart
Allnutrition.comPrivacy Policy

Privacy Policy www.allnutrition.com

Spis treści

I. General information

  1. This Privacy Policy defines principles of gathering, processing and using personal data obtained by website allnutrition.com (hereinafter referred as “the Website”).
  2. The Online Store Owner and the data controller is SFD SPÓŁKA AKCYJNA with registered office in Opole, Poland (45-315), ul. Głogowska 41, entered into the register of entrepreneurs of the National Court Register kept by the District Court in Opole, VIII Economic Department of the National Court Register under number KRS 0000373427, share capital of PLN 4.404.491, NIP (tax identification number): 7543022222, REGON (Polish business registry number): 160360680, e-mail: [email protected] hereinafter referred to as SFD SPÓŁKA AKCYJNA.
  3. SFD SPÓŁKA AKCYJNA has appointed a Personal Data Protection Officer, who can be contacted at E-Mail: [email protected].
  4. Personal information collected by the data controller shall be processed in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (GDPR).
  5. The data Controller shall make an extra effort in order to protect privacy and information about the Online Shop Customers provided to him. The data Controller shall exercise due diligence when selecting and applying appropriate technical measures, including those of programming and organizational nature, in order to protect the processed data, and in particular he shall protect the data from unauthorized access, disclosure, loss and destruction, unauthorized modification, and also from their processing with the breach of the applicable provisions of law.

  6. Personal data will be processed in accordance with the principles of art. 5 GDPR. Personal data will be:

    1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
    2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);
    3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
    4. accurate and, where necessary, kept up to date (‘accuracy’);
    5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);
    6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
  7. SFD SPÓŁKA AKCYJNA acts with utmost care in order to ensure privacy of Users who visit the Website.
  8. The data controller will always post information about changes to the Privacy Policy in the Online Shop. With each change, a new version of the Policy will appear with a new date.

VII. Amendments to the Privacy Policy

  1. Please send all additional questions related to the Privacy Policy to: e-mail: [email protected].
  1. SFD SPÓŁKA AKCYJNA collects data on individuals who run economic or professional activity on their own behalf (hereinafter referred to as the Entrepreneurs), and data on individuals who perform legal actions that are not directly related to their activity, hereinafter referred to as Customers.

  2. Customer personal data are collected for:

    1. registration of an account in the Online Store for the purpose of establishment and management of an individual account. Legal grounds: processing is necessary for the performance of a contract on establishment and management of an Account service (article 6 sec. 1 letter b of GDPR);
    2. placement of an order in the Online Store for the purpose of the performance of a sales contract. Legal grounds: processing is necessary for the performance of a sales contract (article 6 sec. 1 letter b of GDPR);
    3. subscription of the Newsletter. Legal grounds: consent of a data subject for the performance of a contract concerning Newsletter service (article 6 sec. 1 letter a of GDPR);
    4. use of the contact form service. Legal grounds: legitimate interests (article 6 sec. 1 letter f of GDPR).
    5. use of the service to publish opinions. Legal basis – consent (Article 6(1) letter a of the GDPR).
    6. using the selection of supplementation service. Legal basis - the Customer's consent to the provision of the supplementation service (article 6 sec. 1 letter a of GDPR), and in relation to specific categories of personal data - the consent of the data subject (article 9 sec. 2 letter a of GDPR);
    7. conducting analytics, marketing or internet remarketing activities. Legal basis - consent of the data subject by means of an action confirming consent in the form of ticking a checkbox or consent to the installation of cookies of the marketing or analytical solutions used.

  3. In case of a registration of an Account in the Website, a User shall provide following data:

    1. e-mail.
  4. During registration of an account in the Online Store, the Customer defines an individual access password to their account. The Customer may change an account later in compliance with principles defined in VI.

  5. In the case of ordering in the Online Shop, Customer provides the following information:

    1. e-mail;
    2. address data:
      1. postal code and place of residence;
      2. country;
      3. street and house/flat number.
    3. name and surname;
    4. phone number;
  6. In case of subscription of the newsletter, User specifies only e-mail address.

  7. When using the contact form service, the Customer shall provide the following data:

    1. e-mail;
    2. name and surname;
    3. phone number;

  8. When using the publish opinion service, the Customer shall provide the following data:

    1. e-mail;
    2. pseudonym/nick.

  9. In the case of using the service, the selection of supplementation, the Customer provides:

    1. e-mail;
    2. weight;
    3. height;
    4. age;
    5. information on previously used dietary supplements.
  10. During the Website browsing additional information may be collected such as IP address assigned to User's computer or external IP address of your ISP's, domain name, browser type, time of access, the type of operating system.
  11. Also, navigation data may be collected from the Customers, including information on links and references they click or other activities undertaken by them in our Online Store. Legal grounds- legitimate interests (article 6 sec. 1 letter f of GDPR) in form of facilitation of use of services rendered by electronic means and improvement of functionality of such services.
  12. To determine, exercise and enforce claims, come personal data provided by the Customer when using functionalities of the Online Store may be provided, such as: name, surname, information about use of services, if claims result from the manner of user of services by the Customer, other data necessary to prove existence of claim, including the volume of suffered losses. Legal grounds- legitimate interests (article 6 sec. 1 letter f of GDPR) in form of determination, exercising and enforcement of claims and defence against claims in litigation and proceeding in front of other public authorities.
  13. Personal data are provided to SFD SPÓŁKA AKCYJNA on voluntary basis in relation to concluded sales contracts or services rendered via the Online Store Website, provided that, however, without data specified in the data forms in the Registration process, Registration and establishment of a Customer Account is not possible, and if orders are placed without Registration of Customer Account, placement and fulfilment of Customer order will be impossible.

III. Term of Personal Data Processing

  1. In compliance with the applicable legal provisions, we process your personal data for a term of time that is necessary to meet the designated purpose. After such term, the personal data of Customers will be irrevocably deleted or destroyed.
  2. Personal data processed covered by the consent statement will be processed until the consent is revoked.
  3. We process personal data during the term of the agreement, as well as during a period of expiry of claims resulting from the provisions of the Polish Civil Code.

IV. To whom are data disclosed or provided and how long are they stored?

  1. Customer’s personal data are provided to providers of services used by SFD SPÓŁKA AKCYJNA when operating the Online Store depending on contractual arrangements and circumstances, they are either subject to SFD SPÓŁKA AKCYJNA’s instructions about manners and ways of data processing (processors) or they define purposes and manners of processing on their own (data controllers).

    1. Processors. SFD SPÓŁKA AKCYJNA uses services of providers processing data on SFD SPÓŁKA AKCYJNA’s request only. They include for instance hosting providers, accounting services, providers of marketing systems, systems of traffic analysis in the Online Store, systems for analysis of marketing campaign efficiency;
    2. Controllers. SFD SPÓŁKA AKCYJNA uses services of providers that do not act on request only, but they define the objectives and manners of use of Customers’ personal data. They render electronic payment and banking services.
  2. Localisation. The service providers are mainly based in Poland and other countries of the European Economic Area (EEA). Some of the suppliers are based outside the EEA. In connection with the transfer of data outside the EEA, the Controller made sure that the suppliers guaranteed a high level of personal data protection. The supplier guarantees result, in particular, from the obligation to use standard contractual clauses adopted by the Commission (EU) or participation in the Data Privacy Framework Programme.
  3. If the Customer selects payment via the PayU system, his/her personal data are transferred in the scope necessary for execution of the payment to PayU S.A. with its registered office in Poznań (60-324 Poznań, ul. Grunwaldzka 182) entered into the Register of Entrepreneurs kept by the District Court of Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the KRS no.: 0000274399.
  4. Navigational Data may be used to provide better services for Users, perform analyses of statistical data and adjust the Website to Users’ preferences and to administer with the Website.
  5. In case of subscription of the newsletter, SFD SPÓŁKA AKCYJNA will send emails with commercial information about promotions and new products available in the store to customer's e-mail.
  6. In case of a respective request, SFD SPÓŁKA AKCYJNA discloses personal data to authorised state authorities, in particular to organisational units of the prosecutor’s office, the Police, the Chairperson of the Personal Data Protection Office, the Chairperson of the Office of Competition and Consumer Protection or the Chairperson of the Office of Electronic Communications.

V. Services tailored to preferences and interests (profiling)

  1. Profiling means any form of automated processing of personal data, which involves the use of personal data to assess some of the given person's personal factors, in particular to analyse or forecast aspects concerning the effects of the work of that individual, his/her economic situation, health, personal preferences, interests, credibility, behaviour, location or movement.
  2. Customers' personal data may be processed in an automated manner (profiling), however, it will not cause any legal effects or have a significant effect on the situation of clients.
  3. Personal data profiling consists in the processing of customer data in an automated and manual manner, by using them to assess certain customer information, in particular to analyse or forecast its personal preferences and interests.
  4. In order to reach the Customer with marketing messages outside of the Online Store Website, services of external suppliers are used. These services consist in displaying marketing messages on other websites than the Online Store Website. For this purpose, external providers install, for example, the appropriate code or pixel to download information about customer activity on the Online Store Website. Details regarding the use of cookies can be found in VIII. Legal basis - a legitimate interest (Article 6 sec. 1 of GDPR), consisting in matching marketing messages to preferences and interests of a customer.
  5. In order to reach the Customer with marketing messages via the Online Store Website, SFD SPÓŁKA AKCYJNA uses its own cookie mechanisms and the WebStorage mechanism to download information about the Customer's activity on the Online Store Website. Details on the cookies used can be found in VIII. Legal basis - legitimate interest (Article 6 sec. 1 letter f of GDPR), consisting in adjusting marketing messages to preferences and interests.

VI. Security management – the password

  1. SFD SPÓŁKA AKCYJNA ensures safe and encrypted connection to the Customers during transfer of personal data and logging to the Customer Account on the Portal. SFD SPÓŁKA AKCYJNA uses SSL certificate issued by one of the world leaders in respect to security and encryption of data sent via the Internet.
  2. In any case of loss of the password to the Customer’s account in the Online Shop, generating a new password shall be available. SFD SPÓŁKA AKCYJNA shall not send any password reminder. The Customer’s encrypted password is stored in database in non-readable form. In order to generate a new password, e-mail address shall be entered to the form available at „Forget your password?”, given in log-in form in the Online Shop. SFD SPÓŁKA AKCYJNA will be sent an e-mail with a unique redirecting to the Online Shop, after selecting the user will be able to choose a new password.
  3. SFD SPÓŁKA AKCYJNA shall never ask the Customer to provide him with access to the login or password in any form.

VII. Rights of data subjects

  1. The right to withdraw consent – legal ground: article 7 sec. 3 of GDPR.

    1. The Customer has a right to withdraw consent granted to SFD SPÓŁKA AKCYJNA.
    2. Withdrawal of consent shall be effective as the time of withdrawal.
    3. Withdrawal of consent shall not affect the lawfulness of processing before its withdrawal.
    4. Withdrawal of consent shall not entail any negative consequences for the Customer but may prevent them from further use of services of functionalities, which may be lawfully provided by SFD SPÓŁKA AKCYJNA only upon consent of the Customer.

  2. Right to object to personal data processing - legal ground: article 21 of GDPR.

    1. The Customer shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, including profiling, if SFD SPÓŁKA AKCYJNA processes their data on the basis of a legitimate interest, such e.g. marketing of SFD SPÓŁKA AKCYJNA’s products and services, statistic concerning use of individual functionalities of the Online Store and facilitation of use of the Online Store, and Customer satisfaction surveys;
    2. An e-mail resignation from marketing communications on products or services will mean the Customer’s objection to processing of their personal data, including profiling for those purposes;
    3. If the Customer’s objection is reasonable and SFD SPÓŁKA AKCYJNA has no other legal grounds to process personal data, the Customer’s personal data, whose processing has been objected by the Customer, will be deleted.

  3. Right to erasure (“right to be forgotten”) - legal ground: article 17 of GDPR.

    1. The Customer has the right to demand erasure of all or some personal data;
    2. The Customer has the right to demand the erasure of some personal data, if:
    1. the personal data are no longer necessary in relation to the purposes for which they were collected or processed;
    2. the Customer has withdrawn consent in the scope in which personal data have been processed on the basis of their consent;
    3. the Customer has objected to use of their data for marketing purposes;
    4. the personal data are unlawfully processed;
    5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which SFD SPÓŁKA AKCYJNA is subject;
    6. the personal data have been collected in relation to the offer of information society services.
    1. Despite of demand of erasure of personal data in relation to an objection or withdrawal of consent, SFD SPÓŁKA AKCYJNA may retain some full personal data in the scope, in which processing is necessary for determination, claiming or defence against claims, and for fulfilment of the legal obligation requiring data processing under the legislation of the European Union or a Member State to which SFD SPÓŁKA AKCYJNA is subject. It refers in particular to: name, surname, e-mail address, which are retained for the purpose of examination of complaints and claims related to use of SFD SPÓŁKA AKCYJNA services, or additionally an address of residence/ correspondences, order number, which are retained for the purpose of examination of complaints and claims related to concluded sales agreements or service agreements.

  4. Right to restriction of processing- legal ground: article 18 of GDPR.

    1. The Customer shall have the right to obtain from the controller restriction of their personal data processing. Submission of such demand, until its examination, prevents the use of specified functionalities or services, the use of which would be related with processing of personal data subject to such demand. Moreover, SFD SPÓŁKA AKCYJNA will not send any message, including marketing communications.
    2. The Customer shall have the right to demand restriction of their personal data processing in the following cases:
    1. when he questions the correctness of his personal data - then the SFD SPÓŁKA AKCYJNA limits their use for the time needed to verify the correctness of the data;
    2. When data processing is unlawful and the Customer demands restriction of their use instead of their erasure;
    3. When personal data are no longer necessary for the purposes of their collection or use, but they are needed by the Customer in order to determine, exercise or defend claims;
    4. When the Customer objected to proceeding of their data- then the restriction is introduced for a period necessary to consider whether, due to exceptional circumstances – protection of the Customer’s interests, rights and freedoms prevails over the interests, which are exercise by the Controller when proceeding Customer’s personal data.

  5. Right of access to data - legal ground: article 15 of GDPR.

    1. The Customer shall have the right to obtain a confirmation from the Controller, whether or not it processes personal data, and if yes, the Customer shall have the right to:
    1. obtain access to their personal data;
    2. obtain information on the purposes of the processing, the categories of processes personal data, the recipients or categories of recipients of such data, the envisaged period for which the personal data will be stored or the criteria used to determine that period (if determination of the planned period of data processing is not possible), on Customer’s rights under the GDPR and the right to lodge a complaint with a supervisory authority, on the source of such data, automated decision-making, including profiling and security devices applied due to the transfer of such data outside the European Union;
    3. obtain copies of their personal data.

  6. Right to rectification - legal ground: article 16 of GDPR

    1. The Customer shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning the Customer. Taking into account the purposes of the processing, the Customer shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement, sending the respective request to the e-mail address in compliance with of the Privacy Policy.

  7. Right to data portability- legal ground: article 20 of GDPR.

    1. The Customer shall have the right to obtain their personal data, which were provided to the Controller, and then to send them to another data controller selected by the Customer. The Customer shall have the right to demand that such personal data are sent directly by us to another data controller, if this is technically feasible. In such case the Controller shall sent the Customer’s personal data in a csv file, which is a commonly used machine-readable format, allowing transfer of processed data to another data controller.
  8. If the Customer wishes to exercise any of the foregoing rights, SFD SPÓŁKA AKCYJNA fulfils a request or refuses to fulfil it promptly, but no later than within a month of its receipt. If, however, due to a complex nature of a demand or a number of demands SFD SPÓŁKA AKCYJNA is not able to fulfil demand within one month, it shall fulfil it during the following two months, notifying the Customer earlier within a month from receipt of the demand on the intended prolongation of the period and about own activities.
  9. The Customer may file complaints, questions or requests concerning processing of their personal data and execution of this right.
  10. The Customer has the right to demand that SFD SPÓŁKA AKCYJNA provides copies of standard contractual clauses, sending a request in the was define in of the Privacy Policy.
  11. The Customer shall have the right to lodge a complaint regarding the processing of your personal data with the supervisory authority: Poland: the President of the Personal Data Protection Office, ul. Stanisława Moniuszki 1A, 00-014 Warsaw, [email protected].

VIII. Cookies

  1. The Website uses small files called cookies. They are recorded by SFD SPÓŁKA AKCYJNA Website on a computer of a visitor to the Website, if a web browser allows so. Cookie file usually contains a name of domain, where it comes from, its expiry time and an individual random number that identifies such file. Information collected by means of such type of files allow to adjust services offered by SFD SPÓŁKA AKCYJNA to individual preferences and actual needs of visitors at the Website. It gives also an opportunity to work out general statistics of hits into information presented at the Website.

  2. SFD SPÓŁKA AKCYJNA uses two types of cookie files:

    1. Session cookie: recorded information is deleted from memory of a device after an end of a session of a given web browser or after a computer is turned off. Session cookie mechanism does not allow for collection of any personal data and other confidential information from User’s computer.
    2. Persistent cookie: they are kept on User’s hard disk drive until they are deleted. Persistent cookie mechanism does not allow to collect any personal information or any confidential information from users computer.

  3. Depending on their purpose, we distinguish between the following types of cookies:

    1. essential: necessary for the website to function properly – processed on the basis of the controller’s legitimate interest (Article 6(1)(f) of the GDPR);
    2. statistical: these enable us to monitor website traffic, understand our users’ preferences, analyse their behaviour on the website, and facilitate interactions with external networks and platforms – cookies processed on the basis of the user’s voluntary consent (Article 6(1)(a) of the GDPR);
    3. marketing: these allow us to tailor the advertisements and content displayed to our users’ preferences and to run personalised marketing campaigns – files processed on the basis of the user’s voluntary consent (Article 6(1)(a) of the GDPR).

  4. SFD SPÓŁKA AKCYJNA uses its own cookies for:

    1. authentication in the Website and to ensure the User session in the Website (after logging in), through which the user does not have on every page to retype your login and password;
    2. analyses and surveys and audits audience, and in particular to create anonymous statistics that help to understand how customers use the Website, which allows improvement of its structure and content.

  5. SFD SPÓŁKA AKCYJNA uses external cookies to:

    1. popularise the Online Store using the social networking service of facebook.com (controller of third-party Cookies: Meta Platforms Ireland Limited, with its registered office in Ireland);
    2. present advertising tailored to the Customer's preferences by means of the online advertising tool of facebook.com (controller of third-party Cookies: Meta Platforms Ireland Limited, with its registered office in Ireland);
    3. present advertising tailored to the Customer's preferences by means of the Google Ads online advertising tool (controller of third-party Cookies: Google Ireland Limited, with its registered office in Ireland);
    4. The presentation of multimedia content on the Shop's websites, which is downloaded from the external website www.youtube.com (external cookie controller: Google Ireland Limited, based in Ireland);
    5. collect general and anonymous statistical data through Google Analytics (administrator of external cookies: Google Inc seated in the Ireland);
    6. Collection and analysis of data on individuals’ preferences and purchasing decisions for the purpose of compiling statistics and optimising marketing activities, as well as to inform customers of changes to the Terms and Conditions (external cookie provider: BloomReach, Inc., based in Mountain View, United States);
    7. the display of advertisements tailored to the customer’s preferences using the Criteo web tool (external cookie administrator: Criteo SA, based in France);
    8. the display of advertisements tailored to the customer’s preferences using the online advertising tool Microsoft Advertising (external cookie administrator: Microsoft Ireland Operations Limited, based in Ireland) – detailed information – https://privacy.microsoft.com/de-de/privacystatement;
    9. to analyse visitor behaviour in the online shop using the Microsoft Activity Mapping tool (external cookie administrator: Microsoft Ireland Operations Limited, based in Ireland) – detailed information – https://privacy.microsoft.com/de-de/privacystatement.
    10. Display of advertisements as part of a targeted marketing campaign for a specific audience via the remarketing tool within the Microsoft advertising system (external cookie administrator: Microsoft Ireland Operations Limited, based in Ireland) – detailed information – https://privacy.microsoft.com/de-de/privacystatement.
    11. Freshworks (https://www.freshworks.com/pl/), a tool to support customer service in handling email enquiries – Freshworks Inc., 16192 Coastal Highway, Lewes, Delaware 19958, USA.
  6. The cookie mechanism is safe for computers of the Website’s Users. In particular this way does not give a possibility for viruses or other unwanted or malicious software to enter your computers. Still, Users have an option in their web browsers to limit or switch off the access of cookie files to their computers. If you use this option, you may still use the Website except functions that due to their nature require cookies.

  7. Below you can find how to change the settings for web browsers on the use of cookies:

    1. Chrome;
    2. Facebook in-app Browser;
    3. Internet Explorer;
    4. Microsoft EDGE;
    5. Mozilla Firefox;
    6. Opera;
    7. Safari;
    8. Samsung Browser.
  8. SFD SPÓŁKA AKCYJNA may collect your IP address. IP address is a number assigned to the computer of a website visitor by your ISP. IP number allows you to access the Internet. In most cases, the computer is assigned dynamically, ie it changes every time you connect to the Internet and therefore is widely regarded as a non-personally identifying information. The IP address is used by SFD SPÓŁKA AKCYJNA in diagnosing technical problems with the server, creating a statistical analysis (eg determining regions from which we note the most visits), as information useful in administering and improving the Website, as well as for security purposes and the possible identification of aggravating server unwanted automatic programs for viewing Website content.
  9. The Website contains links and hyperlinks to other web pages. SFD SPÓŁKA AKCYJNA shall not be responsible for privacy policies in force therein.
Download Statute
The site uses cookie files

The site uses cookie files in order to provide services in accordance with Cookies policy . You can personally determine cookie storage or access terms in your browser.