Let’s start with who you’re dealing with. The website’s admin is Anna Grzywacz, Postfach 8046 Zurich, Switzerland. In case of any doubts or questions, send me a message at anka[at]lovesexbaby.com
Summary – the most important things
I value your privacy but also your time. That’s why I’ve prepared a summary of major points related to privacy protection.
- When signing up as a user on this website, making an order in the shop, registering for the newsletter, making a complaint, withdrawing from an agreement or just getting in touch, you send me your personal data and I guarantee that the data will be regarded as confidential, secure and will not be sent to any third parties without your explicit consent.
- Data processing takes place only through trusted entities which provide such services.
- I use analytical tools by Google Analytics which collect information about your site visits, including which pages you visited, how much time you spent there or how you navigated through the site. To do that, cookie files by Google LLC are used as part of Google Analytics service. I’ve provided a mechanism to manage cookies so that you can decide if I can use the marketing functions of Google Analytics or not during your visit.
- I embed videos from YouTube on the site. While watching those videos cookies from Google LLC are used for the YouTube service.
- I provide social functionalities on my website, for example the option to share content on social media or to subscribe to social media profiles. Using these functions is connected to cookies from relevant social providers such as Facebook, Instagram, Xing, YouTube, Twitter or LinkedIn.
If the above information is insufficient for you, you will find more details below.
The administrator of your personal data according to the Swiss Federal Act on Data Protection is Anna Grzywacz, Postfach 8046 Zurich, Switzerland.
The objectives, legal basis and personal data processing periods are indicated separately for each data processing objective (see: The objectives and actions of data processing).
According to the EU General Data Protection Regulation (hereinafter referred to as: GDPR) you have the following rights with regard to the protection of your personal data:
- the right to access your personal data,
- the right to rectify your personal data,
- the right to erase your personal data,
- the right to restrict the processing of personal data,
- the right to protest against the processing of personal data,
- the right to portability of data,
- the right to file a complaint to a regulatory body,
- the right to revoke your permission for the processing of personal data if you have granted it before.
The exercise of the above rights has been described in detail in Articles 16-21 of the GDPR. I recommend that you make yourself acquainted with them. On my part I would like to clarify that the rights described above are not absolute and may not be equally applied to all personal data processing activities. For your convenience I've made sure to explain which rights you have for a particular operation of personal data processing.
I would like to stress, however, that there is one right that you will always have – should you decide that I’ve breached the regulations concerning personal data processing, you may file a complaint to the relevant regulatory body (The Federal Data Protection and Information Commissioner).
I guarantee the confidentiality of any personal data you provide. I take the necessary steps required by the regulations on data protection in order to secure and protect your personal data. Personal data is collected with due diligence and protected against unauthorized access.
The list of data processing entities:
I have requested the following entities to process personal data on my behalf:
- H88 S.A. (Linuxpl) – for the purpose of storing personal data on the server,
- MailerLite – for the purpose of using a mailing system in which your data is processed if you signed up for my newsletter.
All entities I entrust with data processing guarantee using the relevant means of protection and security for personal data as required by regulations.
The objectives and actions of data processing
User account. By signing up for a user account you must provide your e-mail address and define the password. Submitting your personal data is voluntary but necessary to register for an account. You may edit your profile further by adding more data, such as, name and last name, billing address or delivery address. Providing the data is voluntary. You may have an account without providing those details. Should you wish to submit an order, you may have to type the information manually later.
The data you provide for the user account is used solely for the purpose of maintaining the account and to enable the usage thereof. Adding more details in your user account is aimed at making the ordering process easier in the shop by giving you the option of having a pre-filled order form.
The legal basis for the processing of your user account personal data is the performance of the contract for account maintenance based on the Terms and Conditions of the online shop and website – Article 6 section 1(b) of GDPR.
The data collected in the user account is processed through the Wordpress system and kept on the server of Linuxpl.
Your personal data will be processed as part of your account for as long as you maintain that user account. Once you delete your account, your data will be removed from the database except for the data concerning your placed orders.
You may access your personal data in your user account at any time by signing in to your account. Upon signing in you may modify your data at any time or delete it, except for the data concerning placed orders. You may also decide to delete your account at any time.
You have also the right to data portability for the data in your user account, in accordance with Article 20 of GDPR.
Orders. When submitting an order, you must provide data necessary for the processing thereof, this may include (depending on order type) your first and last name, billing address, delivery address, e-mail address, phone number. You provide your data voluntarily, but it is necessary for the processing of your order.
The data you submitted in connection with your order shall be processed for the purposes of fulfilling your order (Article 6 section 1 (b) GDPR), issuing an invoice (Article 6 section 1 (c) GDPR), adding the invoice to our accounting documentation (Article 6 section 1 (c) GDPR) and for statistical and archive purposes (Article 6 section 1 (f) GDPR).
The data contained in your order made in the shop shall be processed through the Wordpress system and kept on Linuxpl server.
If you have a user account, your order will be visible in order history.
Each order shall be documented by means of an invoice. Orders shall be registered in our internal database for statistical and archive purposes.
The order details shall be processed in the period necessary for fulfilling the order and thereafter until the final date for filing complaints concerning the contract has passed. Moreover, upon the end of that period the data may still be processed for statistical purposes. Please note that I am obliged to keep the invoices with your personal data for 5 years from the end of the tax year when the tax obligation arose.
You cannot correct the data provided for the purpose of placing an order, once the order has been fulfilled. Also, you may not disagree with data processing or demand the deletion of data included in invoices. Once the final date for filing complaints concerning the contract has passed, you may disagree with the processing of your data for statistical purposes and you may demand the deletion of your data from my database.
You have the right to portability of data with regard to data about your orders, in accordance with Article 20 of GDPR.
Newsletter. In order to subscribe for the newsletter you must provide your e-mail address and first name in an online form.
The data you provide when subscribing is used for the purpose of mailing the newsletter upon your consent (Article 6 section 1 (a) of GDPR).
Data is processed through a mailing system MailerLite and kept on its server. Data shall be processed during the lifetime of the newsletter unless you unsubscribe – in this case your data will be deleted from the database.
You may correct the data in the database at any time. You may also demand for it to be deleted by resigning from further receipt of the newsletter. You have the right to data portability according to Article 20 of GDPR.
Complaints and termination of the contract. Should you file a complaint or terminate the contract, you submit your personal data contained in the complaint or statement of termination. These may include (as appropriate) your name, first name, address, telephone number, e-mail and bank account number.
The data you provide for the purposes of filing the compliant or terminating the contract shall be used to carry out the complaint or contract termination procedure Article 6 section 1 (c) of GDPR).
The data shall be processed in the period necessary to complete the complaint or contract termination procedure. In addition, complaints and statements of termination of contract may be archived for statistical purposes.
You may not request to correct the data provided in the complaint or contract termination procedure. You may not object against the processing of data or demand its deletion until the final date for filing complaints concerning the contract has passed. Once that period ends you may object against our processing of your data for statistical purposes. You may also request the data to be deleted from our database.
E-mail communication. By contacting us via e-mail, including sending an inquiry via the contact form on the website, you are sharing your e-mail address with us as the message sender. In your message you may also choose to provide personal data.
In this case your data is being processed without direct contact. In accordance with Article 6 section 1 (a) of GDPR, it is implied that you consent to processing by initiating the communication. The legal basis for processing of data once the communication has ended is the justified need to archive the correspondence for internal purposes (Article 6 section 1 (c) of GDPR).
The correspondence may be archived, and we are not able to state definitely when it would be deleted. You have the right to demand to see the correspondence history with us (if it has been archived), to demand its deletion unless it has been archived in connection with our superior interest, such as protection against possible complaints on your part.
Cookies and other tracking technology
Cookies are small pieces of text which are stored on your end device (computer, tablet, smartphone) and can be read by our IT system.
Cookies are divided into proprietary cookies and third-party cookies.
Below you will find more details.
Proprietary cookies. We use proprietary cookies to ensure proper functioning of the website.
Third-party cookies. Our website, just like most modern websites, uses functionalities provided by third parties. This requires the use of third-party cookies. The use thereof is described below.
Marketing. We also use marketing tools, such as Facebook Pixel to show you ads. This is connected with using cookies from Facebook. You may manage your cookie preferences by deciding if we may use Facebook Pixel in your case or not.
On the website we embed videos from YouTube. While watching those videos, cookies from Google LLC for YouTube service are used.
We use the Disqus comments system. This is connected with using Disqus cookies.
Using the website requires sending requests to the server where the website is stored. Each request is stored in the server logs.
Logs include your IP address, date and time, browser and operating system information. The logs are saved and stored on the server.
The data stored in server logs is not associated with a particular user of the website and may not be used for identification purposes.
Server logs are supporting material for site administration and their content is only accessed by persons authorized as server admins.