Privacy Policy
Privacy Policy of Lola Lima Paper Co. Store
https://lolalimapaperco.com/
(the "Store")
Dear User!
We care about your privacy and want you to feel comfortable while using our services. Therefore, below we present the most important information about the principles of processing your personal data and the cookies used by our Store. This information has been prepared in accordance with the GDPR, i.e., the General Data Protection Regulation.
PERSONAL DATA ADMINISTRATOR
Agata Krzyszkowska, an entrepreneur operating under the business name Agata Krzyszkowska, entered into the Central Register and Information on Economic Activity maintained by the minister competent for economy and maintenance of the Central Register and Information on Economic Activity, Tax Identification Number (NIP) 7272689597, REGON number 100842813, Plac Rembowskiego 9/41 02-915 Warsaw.
If you wish to contact us regarding the processing of your personal data, please write to us at: hello@lolalimapaperco.com.
YOUR RIGHTS
You have the right to request:
- access to your personal data, including obtaining a copy of your data (Article 15 GDPR or - if applicable - Article 13(1)(f) GDPR),
- rectification of your data (Article 16 GDPR),
- erasure of your data (Article 17 GDPR),
- restriction of processing (Article 18 GDPR),
- data portability to another controller (Article 20 GDPR).
And also the right to:
- object at any time to the processing of your data:
- on grounds relating to your particular situation – to the processing of personal data concerning you, based on Article 6(1)(f) GDPR (i.e., on our legitimate interests) (Article 21(1) GDPR);
- where personal data are processed for direct marketing purposes, to the extent that it is related to such direct marketing (Article 21(2) GDPR).
Please contact us if you wish to exercise your rights. You can object to our use of cookies (which you can read about below) especially through the appropriate browser settings.
If you believe that your data is being processed unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office.
PERSONAL DATA AND PRIVACY
Below you will find detailed information on the processing of your data depending on the actions you take.
1. Placing an order in the Store
| For what purpose? | |
|---|---|
| fulfillment of your order | |
| On what basis? | |
| sales contract (Article 6(1)(b) GDPR) | legal obligation, particularly related to accounting and product safety, requiring us to process your personal data (Article 6(1)(c) GDPR) |
| How long? | |
| for the duration of the aforementioned contract | until our legal obligations expire |
| in addition, your data will be processed until the end of the period during which claims can be pursued – by you or by us (more information on this can be found in the last table of this section) |
|
| What happens if you do not provide data? | |
| you will not be able to place an order | |
2. Creating an account in the Store
| For what purpose? |
|---|
| performance of the contract for the provision of account services in the Store |
| On what basis? |
| contract for the provision of services (Article 6(1)(b) GDPR) |
| How long? |
| for the duration of the aforementioned contract |
| in addition, your data will be processed until the end of the period during which claims can be pursued – by you or by us (more information on this can be found in the last table of this section) |
| What happens if you do not provide data? |
| you will not be able to create an account and use its functions, such as viewing order history or checking order status |
3. Contacting us (e.g., to ask a question)
| For what purpose? | |
|---|---|
| handling your inquiries or reports | |
| On what basis? | |
| contract or actions taken at your request aimed at concluding it (Article 6(1)(b) GDPR) – if your inquiry or report concerns a contract to which we are or may be a party | our legitimate interest, consisting in processing your data to communicate with you (Article 6(1)(f) GDPR) – if your inquiry or report is not related to a contract |
| How long? | |
| for the duration of the binding contract or – if the contract is not concluded – until the end of the period for pursuing claims – see the last table of this section* | until the end of the period for pursuing claims – see the last table of this section – or until we acknowledge your objection to processing* |
| in addition, your data will be processed until the end of the period during which claims can be pursued – by you or by us (more information on this can be found in the last table of this section) |
|
| What happens if you do not provide data? | |
| we will not be able to respond to your inquiry or report | |
4. Concluding a contract for the provision of a free newsletter and a digital content bonus
| For what purpose? | |
|---|---|
| performance of the contract for the provision of a free newsletter and a digital content bonus | analysis of the effectiveness of messages sent by us, in order to establish general principles for effective sending and offering free content in our business (more information on this can be found in the "Analytical Activities" section of the Privacy Policy) |
| On what basis? | |
| contract for the provision of a free newsletter and a digital content bonus (Article 6(1)(b) GDPR) | our legitimate interest, consisting in processing data for the aforementioned purpose (Article 6(1)(f) GDPR) |
| How long? | |
| for the duration of the aforementioned contract | until we acknowledge your objection to processing |
| in addition, your data will be processed until the end of the period during which claims can be pursued – by you or us (more information on this can be found in the last table of this section) |
|
| What happens if you do not provide data? | |
| you will not receive information about the Store and our services; you will also not receive the free digital content bonus | |
5. Taking action or refraining from action that may lead to claims related to the Store or our services
| For what purpose? |
|---|
| establishment, exercise, or defense of potential claims related to the concluded contract or services provided |
| On what basis? |
| our legitimate interest, consisting in processing personal data for the purpose indicated above (Article 6(1)(f) GDPR) |
| How long? |
| until the expiry of the limitation period for claims or until we acknowledge your objection to processing* |
| What happens if you do not provide data? |
| inability to establish, exercise, or defend claims |
ANALYTICAL ACTIVITIES
If you express your wish to receive our newsletter, as well as a bonus in the form of free digital content, we may analyze the effectiveness of our mailing. For example, we may check if and how it affected activity in our Store. Such actions will help us establish general principles for sending such messages and offering free bonuses in our business - e.g., regarding optimal sending times or effective content formulation.
DATA SECURITY
When processing your personal data, we apply organizational and technical measures in accordance with applicable legal provisions, including the use of connection encryption with an SSL/TLS certificate.
COOKIES
Our Store, like most websites, uses so-called cookies. These files:
- are stored in your device's memory (computer, phone, etc.);
- do not cause changes in your device's settings.
In this Store, cookies are used for the purposes of:
- remembering your session
- statistics
- marketing
- providing Store functions
To learn how to manage cookies, including how to disable them in your browser, you can use your browser's help file. You can find information on this by pressing F1 in your browser. In addition, you can find relevant instructions on the following subpages, depending on the browser you use:
Below you will find information on the functions of the cookies we process and their validity period.
| cookie name | cookie validity period | cookie function |
|---|---|---|
| _ab | 1 year | Used to control when the admin bar is displayed on the store's website. |
| _abv | 1 year | Retains the minimized state of the admin bar. |
| _checkout_queue_token | 1 year | Used for queueing during the checkout process. |
| _cmp_a | 1 day | Used to manage customer privacy settings. |
| _identity_session | 2 years | Contains the user's identity session ID. |
| _master_udr | session duration | Persistent device identifier. |
| _pay_session | session duration | Rails session cookie for Shopify Pay. |
| _secure_account_session_id | 30 days | Used to track customer sessions for new customer accounts. |
| _session_id | 2 years | Used for reporting and analytics. |
| _shopify_country | 30 minutes | Used on Plus stores where currency/country is set by GeoIP to avoid additional GeoIP lookups. |
| _shopify_essential | 1 year | Contains essential information needed for the store to function correctly, such as session and checkout data. |
| _storefront_u | 1 minute | Used to facilitate updates to customer account information. |
| _tracking_consent | 1 year | Used to store a user's preferences if a merchant has set a privacy policy in the visitor's region. |
| auth_state_<> | 25 minutes | Stores the authentication state before redirecting customers to a third party for authentication. |
| card_update_verification_id | 20 minutes | Used to support verification when a buyer is redirected back to Shopify after completing 3D Secure during a purchase. |
| cart | 14 days | Contains information related to the user's cart. |
| cart_currency | 14 days | Used after completing a purchase to initialize a new empty cart with the same currency as previously used. |
| cart_sig | 14 minutes | Hash of cart contents. Used to verify cart integrity and ensure the performance of certain cart operations. |
| cart_ts | 14 days | Used in connection with checkout. |
| checkout | 21 days | Used in connection with checkout. |
| checkout_prefill | 5 minutes | Encrypts and stores URL parameters containing personal data used in direct cart links. |
| checkout_session_lookup | 21 days | Used in connection with checkout. |
| checkout_session_token_<> | 21 days | Used when a checkout session is established on the server. |
| checkout_token | session duration | Records the visitor's landing page when coming from other sites. |
| customer_account_locale | 1 year | Used to track customer account locale settings during redirects from checkout or the storefront to customer accounts. |
| customer_payment_method | 60 minutes | Stores information about an updated payment method for subscriptions. |
| customer_shop_pay_agreement | 20 minutes | Used to assist with the verification of a new Shop Pay payment instrument. |
| device_fp_id | session duration | Device fingerprint ID to help prevent fraud. |
| device_id | session duration | Session device ID to help prevent fraud. |
| discount_code | session duration | Stores a discount code (received when visiting the online store with a URL parameter) to be used for the next purchase. |
| dynamic_checkout_shown_on_cart | 30 minutes | Customizes the checkout experience for buyers using regular checkout versus dynamic checkout. |
| hide_shopify_pay_for_checkout | session duration | Set when a buyer dismisses the Shop Pay login modal during checkout, informing the buyer's display. |
| identity-state | 1 day | Stores state before redirecting customers for identity authentication. |
| identity-state-<> | 1 day | Stores state before redirecting customers for identity authentication. |
| identity_customer_account_number | 84 days | Stores an ID used to facilitate login across customer accounts and storefront domains. |
| keep_alive | session duration | Used when international domain redirection is enabled to determine if the request is the first in a session. |
| locale_bar_accepted | session duration | Retains information on whether the geolocation app modal has been accepted. |
| locale_bar_dismissed | 1 day | Retains information on whether the geolocation app modal has been dismissed. |
| localization | 14 days | Used to localize the cart to the appropriate country. |
| logged_in | 84 minutes | Identity login hint. |
| login_with_shop_finalize | 5 minutes | Used to facilitate Shop login. |
| master_device_id | 1 year | Persistent device identifier. |
| order | 21 days | Used to access buyer's order details page data. |
| pay_update_intent_id | 20 minutes | Stores the Shop Pay billing agreement update intent ID, required for callback after new Shop Pay payment instrument verification. |
| preview_theme | session duration | Used to indicate if a theme is being previewed. |
| previous_checkout_token | 1 year | Used to prefill checkout with data from a previous checkout. |
| previous_step | 1 year | Used in connection with the checkout process. |
| profile_preview_token | 5 minutes | Used to preview checkout extensibility. |
| receive-cookie-deprecation | session duration | A cookie set by Google to identify certain Chrome browsers affected by third-party cookie deprecation. |
| remember_me | 1 year | Used to prefill checkout with data from a previous checkout. |
| secure_customer_sig | 1 year | Used to identify the user after logging into the store as a customer so they don't have to log in again. |
| shop_pay_accelerated | 1 year | Indicates whether the buyer is eligible for accelerated checkout with Shop Pay. |
| shopify-editor-unconfirmed-settings | 960 minutes | Stores changes made by the merchant in the editor to update the preview. |
| shopify_pay | 1 year | Used to log the buyer into Shop Pay when they return to checkout on the same store. |
| shopify_pay_redirect | 1 year | Used to accelerate the checkout process when the buyer has a Shop Pay account. |
| storefront_digest | 1 year | Stores the storefront password hash, allowing merchants to preview their store when it is password protected. |
| tracked_start_checkout | 1 year | Used in connection with the checkout process. |
| user | 1 year | Used in connection with logging into the Store. |
| user_cross_site | 1 year | Used in connection with logging into the Store |
| wpm-domain-test | session duration | Used to test Shopify's Web Pixel Manager with a domain to ensure everything is working. |
By using the appropriate options of your browser, you can at any time:
- delete cookies,
- block the use of cookies in the future.
In such cases, we will no longer process them.
EXTERNAL SERVICES / DATA RECIPIENTS
We use the services of third parties that support us in our business operations. We entrust them with the processing of your data – these entities process data only on our documented instruction.
Below you will find a list of recipients of your data:
| ACTION | DATA RECIPIENTS | DATA TRANSFER OUTSIDE THE EUROPEAN UNION |
|---|---|---|
| any action in connection with the Store | sales software provider | not applicable |
| placing an order in the Store | payment provider | not applicable |
| entity delivering the product to you | not applicable | |
| standard office software provider (including email inbox) | not applicable | |
| accounting office | not applicable | |
| newsletter subscription or consent to receive marketing messages | entity providing newsletter or marketing message delivery | yes – United States of America ** |
| contacting us (e.g., asking a question) | standard office software provider (including email inbox) | not applicable |
And furthermore:
relevant public authorities to the extent we are obliged to provide them with data.
TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
** In connection with the above, your personal data may also be processed by entities outside the European Union. An adequate level of protection for your data, including through the application of appropriate safeguards, is ensured by:
- the participation of these entities in the so-called Data Privacy Framework, which is a program established by an implementing decision of the European Commission as a set of rules guaranteeing adequate protection of your privacy - in the case of entities from the United States of America
