Privacy policy
License number granted by Kreator Legal Geek: 92046e29-cc17-46a8-be69-0766e6b0c116.
Privacy Policy of the Shop Lola Lima Paper Co.
https://lolalimapaperco.com/
(“Shop”)
Dear User!
We care about your privacy and want you to feel comfortable while using our services. Therefore, below we present the most important information on the policy for the processing of your personal data and on cookies which are used by our Shop. This information has been prepared with regards to the GDPR, i.e. the general data protection regulation.
PERSONAL DATA CONTROLLER
Agata Krzyszkowska, an entrepreneur running a business under the business name Agata Krzyszkowska, entered into the Central Register and Information on Economic Activity kept by the minister competent for economy and keeping the Central Register and Information on Economic Activity, European Union VAT Identification Number PL7272689597, REGON (National Official Business Register number) 100842813, Plac Rembowskiego 9/41 02-915 Warszawa, Poland.
If you wish to contact us in relation to our processing of your personal data, please email us at: hello@lolalimapaperco.com.
YOUR RIGHTS
You have the right to request:
- access to your personal data, including obtaining a copy of your data (Article 15 of the GDPR or, if applicable, Article 13 sec. 1(f) of the GDPR),
- their rectification (Article 16 of the GDPR),
- erasure (Article 17 of the GDPR),
- restriction of their processing (Article 18 of the GDPR),
- the transfer of data to another controller (Article 20 of the GDPR),
and the right to:
-
object to the processing of your personal data at any time:
- on grounds relating to your particular situation - with regard to the processing of your personal data based on Article 6 sec. 1(f) of the GDPR (i.e. the legitimate interests pursued by us);
- if your personal data is processed for the purposes of direct marketing, to the extent that such processing is related to such direct marketing (Art. 21 sec. 2 of the GDPR).
Contact us if you wish to exercise your rights. You can object to our use of cookies (which you will read about below) in particular by using the appropriate settings on your browser.
If you consider that your data is being processed unlawfully, you can lodge a complaint with the competent data protection authority.
PERSONAL DATA AND PRIVACY
Your data is processed by us for purposes related to the operation of the Shop and the provision of the services offered therein. Below you will find detailed information on the processing of your data depending on your activities.
1. Placing an order in the Shop
| For what purpose do we process your data? | |
|---|---|
| to process your order | |
| On what basis do we process your data? | |
| a sales contract (Article 6 sec. 1(b) of the GDPR) | a legal obligation, particularly related to accounting and product safety, requiring us to process your personal data (Article 6(1)(c) of the GDPR) |
| For how long will we process your data? | |
| for the duration of the aforementioned contract | until the expiry of our legal obligations |
|
in addition, your data will be processed until the expiry of the period during which claims may be asserted - either by you or by us
(see the last table of this part for more information) |
|
| What happens if you do not provide the data? | |
| you will not be able to place an order | |
2. Creating an account in the Shop
| For what purpose do we process your data? |
|---|
| to execute a contract for the provision of an account in the Shop |
| On what basis do we process your data? |
| a contract for provision of services (Article 6 sec. 1(b) of the GDPR) |
| For how long will we process your data? |
| for the duration of the aforementioned contract |
|
in addition, your data will be processed until the expiry of the period during which claims may be asserted - either by you or by us
(see the last table of this part for more information) |
| What happens if you do not provide the data? |
| you will not be able to create an account and use its features, such as viewing your order history or checking your order status |
3. Contacting us (e.g. to ask a question)
| For what purpose do we process your data? | |
|---|---|
| to respond to your inquiries or requests | |
| On what basis do we process your data? | |
| a contract or actions taken at your request prior to entering into a contract (Article 6 sec. 1(b) of the GDPR) - if your enquiry or request relates to a contract to which we are or may be a party | our legitimate interest in processing your data for the purpose of communicating with you (Article 6 sec. 1(f) of the GDPR) - if your enquiry or request is not related to a contract |
| For how long will we process your data? | |
| for the duration of the contract binding us or, if no contract is concluded - until the expiry of the claim period - see the last table of this part | until the expiry of the claim period - see the last table in this part or until we have taken account of your objection to the processing* |
|
in addition, your data will be processed until the expiry of the period during which claims may be asserted - either by you or by us
(see the last table of this part for more information) |
|
| What happens if you do not provide the data? | |
| we will not be able to respond to your enquiry or request | |
4. Entering into a contract to provide a free newsletter and bonus digital content
| What for? | |
|---|---|
| to execute the contract for the provision of a free newsletter and bonus digital content |
to analyse the effectiveness of the messages we send, in order to establish general principles for effective messaging and offering free content in our business activity
(read more in the "Analytical activities" part of the Privacy Policy) |
| On what basis? | |
| a contract for the provision of a free newsletter and bonus digital content (Article 6 (1) (b) of the GDPR) |
our legitimate interest in processing the data for the purpose stated above
(Article 6 sec. 1(f) of the GDPR) |
| For how long? | |
| for the contract period | until we have taken account of your objection to the processing |
|
In addition, your data will be processed until the expiry of the period during which claims may be asserted - either by you or by us
(see the last table of this part for more information) |
|
| What happens if you do not provide your data? | |
| you will not be able to receive information regarding the Shop and our services; also, you will not receive a bonus digital content | |
5. Any act or omission which may give rise to a claim relating to the Shop or our services
| For what purpose do we process your data? |
|---|
| to establish, assert or defend possible claims relating to the contract concluded or the services provided |
| On what basis do we process your data? |
| our legitimate interest to process your personal data for the purpose stated above (Article 6 sec. 1(f) of the GDPR) |
| For how long will we process your data? |
| until the expiry of the claim period or until we take account of your objection to the data processing* |
| What happens if you do not provide the data? |
| inability to establish, assert or defend claims |
ANALYTICAL ACTIVITIES
If you wish to receive newsletter from us, as well as a bonus digital content, we may analyze the effectiveness of the mailing we have conducted. For example, we can check whether and how it affected activity in our Shop. Such activities will help us establish general rules for sending such messages and offering a free bonus in our business activity - for example, in terms of optimal sending hours or determining how to formulate effective content.
DATA SECURITY
When processing your personal data, we use organisational and technical means in accordance with applicable law, including the encryption of the connection using the SSL/TLS protocol.
COOKIES
Our Shop, like most websites, uses the so-called cookies. These cookies:
- are saved in the memory of your device (computer, telephone, etc.);
- do not change the settings of your device.
In our Shop, cookies are used for:
- saving your session,
- statistical purposes,
- marketing purposes,
- making the Shop functions available.
To learn how to manage cookies, including how to turn them off in your browser, you can use the help file of your browser. You can find out more about this by pressing F1 in your browser. In addition, appropriate tips can be found on the following pages, depending on the browser you are using:
Below you can find information on the functions of the cookies we process and their validity period.
| Cookie name | Validity period of the cookie | Cookie function |
|---|---|---|
| _ab | 1 year | Used to control when the admin bar is shown on the storefront. |
| _abv | 1 year | Persist the collapsed state of the admin bar. |
| _checkout_queue_token | 1 year | Used when there is a queue during the checkout process. |
| _cmp_a | 1 day | Used for managing customer privacy settings. |
| _identity_session | 2 years | Contains the identity session identifier of the user. |
| _master_udr | session duration | Permanent device identifier. |
| _pay_session | session duration | The Rails session cookie for Shopify Pay. |
| _secure_account_session_id | 30 days | Used to track a customer's session for new customer accounts. |
| _session_id | 2 years | Used for providing reporting and analytics. |
| _shopify_country | 30 minutes | Used for Plus shops where pricing currency/country is set from GeoIP by helping avoid GeoIP lookups after the first request. |
| _shopify_essential | 1 year | Contains essential information for the correct functionality of a store such as session and checkout information and anti-tampering data |
| _storefront_u | 1 minute | Used to facilitate updating customer account information. |
| _tracking_consent | 1 year | Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. |
| auth_state_<> | 25 minutes | Stores authentication state before redirecting customers to third party for authentication. |
| card_update_verification_id | 20 minutes | Used to support verification when a buyer is redirected back to Shopify after completing 3D Secure during checkout. |
| cart | 14 days | Contains information related to the user's cart. |
| cart_currency | 14 days | Used after a checkout is completed to initialize a new empty cart with the same currency as the one just used. |
| cart_sig | 14 minutes | A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations. |
| cart_ts | 14 days | Used in connection with checkout. |
| checkout | 21 days | Used in connection with checkout. |
| checkout_prefill | 5 minutes | Encrypts and stores URL parameters containing PII which are used in cart permalink URLs. |
| checkout_session_lookup | 21 days | Used in connection with checkout. |
| checkout_session_token_<> | 21 days | Used when a checkout session is established on the server. |
| checkout_token | session duration | Captures the landing page of the visitor when they come from other sites. |
| customer_account_locale | 1 year | Used to keep track of a customer account locale when a redirection occurs from checkout or the storefront to customer accounts. |
| customer_payment_method | 60 minutes | Stores what payment method is being updated for subscriptions. |
| customer_shop_pay_agreement | 20 minutes | Used to help verify a new Shop Pay payment instrument. |
| device_fp_id | session duration | Device fingerprint identifier to help prevent fraud. |
| device_id | session duration | Session device identifier to help prevent fraud. |
| discount_code | session duration | Stores a discount code (received from an online store visit with a URL parameter) in order to the next checkout. |
| dynamic_checkout_shown_on_cart | 30 minutes | Adjusts checkout experience for buyers that proceed with regular checkout versus dynamic checkout. |
| hide_shopify_pay_for_checkout | session duration | Set when a buyer dismisses the Shop Pay login modal during checkout, informing display to buyer. |
| identity-state | 1 day | Stores state before redirecting customers to identity authentication. |
| identity-state-<> | 1 day | Stores state before redirecting customers to identity authentication. |
| identity_customer_account_number | 84 days | Stores an identifier used to facilitate login across the customer's account and storefront domains |
| keep_alive | session duration | Used when international domain redirection is enabled to determine if a request is the first one of a session. |
| locale_bar_accepted | session duration | Preserves if the modal from the geolocation app was accepted. |
| locale_bar_dismissed | 1 day | Preserves if the modal from the geolocation app was dismissed. |
| localization | 14 days | Used to localize the cart to the correct country. |
| logged_in | 84 minutes | Identity logged-in hint. |
| login_with_shop_finalize | 5 minutes | Used to facilitate login with Shop. |
| master_device_id | 1 year | Permanent device identifier. |
| order | 21 days | Used to allow access to the data of the order details page of the buyer. |
| pay_update_intent_id | 20 minutes | Stores an ID of a Shop Pay billing agreement update intent, required for a callback after verifying a new Shop Pay payment instrument. |
| preview_theme | session duration | Used to indicate whether the theme is being previewed |
| previous_checkout_token | 1 year | Used to prefill checkout with the details from the previous checkout. |
| previous_step | 1 year | Used in connection with checkout. |
| profile_preview_token | 5 minutes | Used for previewing checkout extensibility. |
| receive-cookie-deprecation | session duration | A cookie specified by Google to identify certain Chrome browsers affected by the third-party cookie deprecation |
| remember_me | 1 year | Used to prefill checkout with the details from the previous checkout |
| secure_customer_sig | 1 year | Used to identify a user after they sign into a shop as a customer so they do not need |
| shop_pay_accelerated | 1 year | Indicates if a buyer is eligible for Shop Pay accelerated checkout. |
| shopify-editor-unconfirmed-settings | 960 minutes | Stores changes merchant does in the editor to update the preview. |
| shopify_pay | 1 year | Used to log in a buyer into Shop Pay when they come back to checkout on the same store. |
| shopify_pay_redirect | 1 year | Used to accelerate the checkout process when the buyer has a Shop Pay account. |
| storefront_digest | 1 year | Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected. |
| tracked_start_checkout | 1 year | Used in connection with checkout. |
| user | 1 year | Used in connection with Shop login. |
| user_cross_site | 1 year | Used in connection with Shop login. |
| wpm-domain-test | session duration | Used to test Shopify's Web Pixel Manager with the domain to make sure everything is working |
Using appropriate options of your browser, you can at any time:
- delete cookies,
- block the use of cookies in the future.
In such cases, we will no longer process them.
EXTERNAL SERVICES / DATA RECIPIENTS
We use external services to help us in our business. We entrust them with the processing of your data - these processors only process data upon our documented request.
Below you will find a list of the recipients of your data:
| ACTION | DATA RECIPIENTS | TRANSFERS OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION |
|---|---|---|
| any action connected with the Shop | sales software provider | does not take place |
| placing an order in the Shop | payment processor | does not take place |
| entity supplying the product to you | does not take place | |
| provider of the standard office software (including email boxes) | does not take place | |
| accounting office | does not take place | |
| subscribing to the newsletter or consent to marketing | entity providing newsletter or marketing messaging services | yes – the USA ** |
| contacting us (e.g. to ask a question) | provider of the standard office software (including email boxes) | does not take place |
Additionally:
relevant public authorities to the extent that we are required to provide them with the data.
TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
** As such, your personal data may also be processed by entities outside the European Union. An adequate level of protection of your data, including through the application of appropriate safeguards, is ensured by:
- the participation of these entities in the Data Privacy Framework, a program established by the implementing decision of the European Commission as a set of principles that guarantee adequate privacy protection - in the case of entities from the United States