Privacy Policy at Mila Italian Style s.a.
§1 General Provisions
- By using our services, you entrust us with your personal information. This Privacy Policy is intended solely to help you understand what information and data we collect and for what purposes we use it. This data is very important to us, so please read this document carefully, as it sets out the rules and methods for processing and protecting personal data. This document also sets out the rules for the use of “Cookies”.
- We hereby declare that we comply with the principles of personal data protection and all legal regulations set forth in the Personal Data Protection Act and Regulation 2016/679 of the European Parliament and of the Council (EU) of April 27,
2016, on the protection of people in connection with the processing of personal data and on the free transfer of such data, and repealing Directive 95/46/WE. - The data subject whose personal data is being processed has the right to contact us to obtain comprehensive information on how we use their personal data. We always strive to clearly inform you about the data we collect, how we use it, the purposes for which it is intended, and to whom we disclose it; we also explain the protections we provide for this data when transferring it to other entities and provide information on the institutions to contact in case of any doubts.
- The Service uses technical measures such as: physical safeguards for personal data, hardware safeguards for IT and telecommunications infrastructure, safeguards within software tools and databases, and organizational measures to ensure the proper protection of the personal data being processed, and in particular, they protect personal data against disclosure to unauthorized third parties, access by an unauthorized person, and use for unknown purposes, as well as accidental or intentional alteration, loss, damage, or destruction of such data.
- In accordance with the terms set forth in particular in the General Terms and Conditions of Sale and in this document, we have exclusive access to the data. Access to personal data may also be granted to other entities through which payments are made, which collect, process, and store personal data in acordance with their own Terms and Conditions, as well as to entities responsible for fulfilling the order. Access to personal data is granted to the aforementioned entities to the extent
necessary and only to the extent that ensures the provision of service. - Personal data is processed only for the purposes to which you have agreed by clicking the appropriate checkboxes on the form posted on the Website or by other means. The legal basis for the processing of your personal data is your consent to the processing or the necessity to perform a service (e.g., ordering a product or service), in accordance with Article 6(1)(a) and (b) of Regulation – of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of people with regard to the processing of personal data and on the free transfer of such data, and repealing Directive 95/46/WE (General Data Protection Regulation) – RODO.
§2 Terms of Privacy
- We take privacy seriously. We are committed to respecting privacy and providing the most comprehensive and guaranteed convenience possible when using our services.
- We value the trust our Users show us by entrusting us with their personal data to fulfill their orders. We always use personal data fairly and in a way that does not betray that trust, only to the extent necessary to fulfill the order, including its processing.
- You have the right to receive clear and complete information about how we use your personal data and for what purposes it is needed. We always clearly inform you about the data we collect, how and to whom we transfer it, and provide information about the entities to contact in case of doubts, questions, or comments.
- If you have any questions regarding our use of your personal data, we will take immediate action to address them and provide full and comprehensive answers to all related issues.
- We will take all reasonable steps to protect Users’ data from improper and unauthorized use and to secure it comprehensively.
- The data administrator is Mila Italian Style S.A. (hereinafter: the Company), with its’ registered office at 59a Julianowska Street, 05-500 Piaseczno. As the administrator, we are responsible for the security of the processed data. The administrator can be contacted at the address provided and via e-mail at www.mila-furniture.com
- The legal basis for the processing of your personal data is Article 6(1)(b) of the RODO (General Data Protection Regulation).
Providing your data is not mandatory, but it is necessary for us to take the appropriate steps leading up to the conclusion of the contract and its performance. We will transfer your personal data to other recipients who have been entrusted with processing personal data on our behalf and for our benefit. Your data will be transferred in accordance with Article 6(1)(f) of the RODO, where the legitimate interest is the proper performance of contracts/orders. In addition, we will share your personal data with other business partners. We store the collected personal data within the European Economic Area (“EEA”), but it may also be transferred to a country outside this area and processed there. Every transfer of personal data is carried out in accordance with applicable law. If data is transferred outside the EEA, we use standard contractual clauses and the Privacy Shield as safeguards for countries where the European Commission has not determined an adequate level
of data protection. - Your personal data related to the conclusion and performance of contracts will be processed for the duration of their performance, as well as for a period not exceeding the time limits set forth by law, including the provisions of the Civil Code and the Accounting Act, i.e., no longer than 10 years from the end of the calendar year in which the last contract was performed.
- Your personal data processed for the purpose of concluding and performing future contracts will be processed until you object.
- You have the right to: access your personal data and receive a copy of the personal data subject to processing; correct your inaccurate data; request the erasure of your data (the right to be forgotten) in the circumstances provided for in Article 17 of the RODO; request restriction of data processing in the cases specified in Article 18 of the RODO, object to data processing in the cases specified in Article 21 of the RODO, and transfer the data provided, which is processed by automated means.
- If you believe that your personal data is being processed unlawfully, you may file a complaint with the supervisory authority (Office for Personal Data Protection, 2 Stawki St., Warsaw). If you need additional information regarding the protection of personal data or wish to exert your rights, please contact us by mail at our mailing address.
- We make every effort to protect the information in our possession from unauthorized access, unauthorized modification, disclosure, and destruction. In particular:
a) We control the methods of gathering, storing, and processing information, including physical security measures, to protect against unauthorized access to the system.
b) We grant access to personal data only to those employees, contractors, and representatives who need to access it.
Furthermore, they are contractually obligated to maintain strict confidentiality, to allow us to monitor and verify their compliance with their duties, and may face consequences for failing to meet these obligations. - We will comply with all applicable data protection laws and regulations and will cooperate with data protection authorities and authorized law enforcement agencies. In the absence of specific data protection laws, we will act in accordance with generally accepted data protection principles, social norms, and established customs.
- The specific procedures for protecting personal data are set forth in the personal data protection policy (ODO: security policy, personal data protection regulations, IT system management manual) For security reasons, due to the procedures described therein, this policy is available for review only by state supervisory authorities.
- If you have any questions regarding how we handle personal data, please contact us via the website from which you were redirected to this Privacy Policy. Your request will be immediately forwarded to the appropriate designated person.
- You always have the right to notify us if:
a) you no longer wish to receive any information or messages from us;
b) you wish to receive a copy of your personal data that we possess;
c) correct, update, or delete your personal data stored in our files;
d) wish to report violations, misuse, or unlawful processing of your personal data. - To help us respond to or address the information provided, please include your first and last name along with further details.
§3 Scope and Purpose of Personal Data Collection
- The administrator processes data from the following categories of subjects:
a) CUSTOMERS. If you are our customer, your data is processed for the purpose of providing the products and services offered by the Company, based on the contract concluded. The Company will process your data for the duration of the contract and for the investigation and defence against claims arising therefrom (until the statute of limitations expires), and with respect to invoices and other accounting documents, for as long as required by law – in accordance with the current legal framework – for five full years.
b) PEOPLE INTERESTED IN A PARTNERSHIP. If you are interested in partnering with us and, for example, have contacted us via e-mail, your data is processed on the basis of the Company’s legitimate interest, for the purpose
of archiving of correspondence and responses provided (when not related to concluded contracts), i.e., for a period not exceeding 3 years from the date of data collection.
c) CONTRACTORS (INDIVIDUALS AND BUSINESSES). If you are our business partner and a contract has been concluded, your data is processed for the purpose of performing that contract, as well as to comply with legal obligations (e.g., the Accounting Act). The legal basis for processing this data is the conclusion and performance of the contract and applicable laws. The company will process your data for the duration of the contract and for the purpose of investigating and defending against claims arising from it (until the statute of limitations expires), and with reference to invoices and other accounting documents, for as long as required by law – in accordance with the current legal framework, five full years.
d) DATA ON JOB APPLICANTS. If you are a job applicant at the Company, we process your data for the purpose of employee recruitment, based on your consent. The Company will process this data for the duration of the recruitment process.
e) DATA ON EMPLOYEES AND CONTRACTORS. If you are our employee or contractor, your data is processed for the purpose of employment, based on legal provisions (e.g., the Labor Code) or based on the concluded contract. The data retention period is determined by law.
f) OTHER DATA ENTRUSTED TO THE COMPANY FOR THE PURPOSE OF PERFORMING COOPERATION CONTRACTS. The Company may process data for which it is not the controller only on the basis of cooperation contracts and for the purposes and within the scope specified in those contracts. - We process the necessary personal data for the purpose of providing services and for accounting purposes, and only for such purposes, namely:
a) to place an order,
b) to conclude a contract, file a complaint, or withdraw from a contract,
c) to issue a VAT invoice or other receipt,
d) monitoring activity on our website,
e) collecting anonymous statistics to determine how users use our website,
f) determining the number of anonymous users of our websites,
g) monitoring how often selected content is shown to users and which content is shown most frequently,
h) monitoring how often users select a given service or from which service contact most frequently occurs,
i) analysing newsletter subscriptions and contact options,
j) using a personalized recommendation system for e-commerce,
k) using a tool for communication via e-mail and, subsequently, by phone,
l) integration with social media platforms,
m) potential online payments. - We gather, process, and keep the following use data:
a) first and last name,
b) residence address,
c) mailing address (if different from the residence address),
d) tax identification number (NIP),
e) e-mail address,
f) phone number (mobile, landline),
g) date of birth,
h) PESEL,
i) information about the web browser used,
j) other personal data voluntarily provided to us. - Providing the above information is entirely voluntary but also necessary for the full provision of our services.
- The purpose of our collecting, processing, or use of data:
a) direct marketing and archival purposes related to advertising campaigns,
b) fulfilling legal obligations by collecting information about undesirable activities. - We may transfer personal data to servers located outside the user’s country of residence or to affiliates or third parties based in other countries, including countries within the EEA (European Economic Area, EEA) EEA – a free trade zone and the Common Market, comprising the countries of the European Union and the European Free Trade Association (EFTA) for the purpose of processing personal data by such entities on our behalf in accordance with the provisions of this Privacy Policy and applicable laws, customs, and data protection regulations.
- We keep your personal data only for as long as necessary to provide quality service. Depending on how and why the data was collected, we retain it for the duration of the relevant process and, after its completion, for the following purposes:
a) to fulfill obligations under applicable laws, tax regulations, and accounting standards,
b) to prevent fraud or criminal activity,
c) statistical and archival purposes.
d) Marketing activities – for the duration of the contract, or upon separate consent to the processing of such data – until the end of activities related to transaction processing, until you object to such processing, or until you withdraw your consent.
e) Post-sale and promotional activities – e.g., contests, promotional campaigns – for the duration and settlement of such campaigns.
f) Operational activities – until the expiration of the obligations imposed by the RODO Regulation and relevant national
laws, for the purpose of demonstrating accountability in the processing of personal data
g) pursuing any claims related to the executed contract; - Please note that many countries to which this personal data is transferred do not have the same level of legal protection for personal data as the user’s country. Access to your personal data stored in another country is governed by the laws of that country; for example, courts, law enforcement agencies, and national security authorities may access such data in accordance with the laws of that country. Subject to lawful requests for disclosure, we commit to requiring data processors outside your country to take measures to protect the data in a manner commensurate with the regulations of their
national law.
§4 „Cookies” Policy
- We automatically collect information contained in Cookies for the purpose of gathering users’ data. A cookie is a small
piece of text that is sent to the user’s browser and which the browser sends back upon subsequent visits to the website.
They are mainly used to maintain a session, e.g., by generating and sending a temporary identifier after logging in. We use “session” Cookies stored on the user’s device until the user logs out, closes the website, or closes the web browser, as well as “permanent” Cookies stored on the user’s device for the duration specified in the cookie settings or until the user deletes them. - Cookies customize and optimize the website and its content to meet users’ needs through activities such as generating
page view statistics and ensuring security. Cookies are also necessary to maintain the session after leaving the website. - The administrator processes the data contained in Cookies each time the website is visited by users for the following
purposes:
a) optimizing the use of the website;
b) identifying users currently logged in;
c) to adapt the graphics, options, and all other website content to user’s individual preferences;
d) to store data automatically or manually entered into Order Forms or login credentials provided by the visitor;
e) collecting and analysing anonymous statistics showing how the website is used in the admin panel and via Google Analytics
f) creating remarketing lists based on information about preferences, behaviour, usage patterns, and interests on the website, as well as collecting demographic data, and then making these lists available in AdWords and Facebook Ads.
g) creating data segments based on demographic information, interests, and preferences regarding viewed products/services.
h) using demographic data and interest data in Analytics reports. - The user may, at any time, use their web browser to completely block and delete Cookies.
- If the user blocks the collection of Cookies on their device, it may complicate or prevent the use of certain website features; the user is fully entitled to do so but must be aware of the resulting functional limitations.
- User who does not wish to have Cookies used for the purpose described above may delete them manually at any time. For
detailed instructions, please visit the website manufacturer of the web browser the user is currently using. - More information about Cookies is available in the help menu of each web browser. Examples of web browsers that support “Cookies”:
a) Internet Explorer cookie settings
b) Chrome cookie settings
c) Firefox cookie settings
d) Opera cookie settings
e) Safari cookie settings
f) Cookies on Android
g) Cookies on Blackberry
h) Cookies on iOS (Safari)
i) Cookies on Windows Phone
§5 Rights and Obligations
- We have the right, and in the cases specified by law, also the legal obligation, to disclose selected or all information regarding personal data to public authorities or third parties who submit such a request for information in accordance with applicable Polish law.
- The user has the right to access the content of their personal data that they provide; the user may correct or update this data at any time, and also has the right to request its removal from our databases or to cease its processing, without providing any reason. To exercise these rights, the user may at any time send a message to the e-mail address or use another method that delivers or conveys such a request.
- The processing of personal data related to people who are our customers is based on:
a) a justified interest as the data administrator (e.g., regarding the creation of a database, analytical and profiling activities, including activities related to the analysis of product usage, direct marketing of our own products, and the preservation of documentation for the purpose of defending against potential claims or pursuing claims),
b) consent (including, in particular, consent to e-mail marketing or telemarketing),
c) performance of a concluded contract,
d) legal obligations (e.g., tax law or accounting regulations).
- The processing of personal data related to people who are potential customers is based on:
a) a justified interest of the data administrator (e.g., in relation to creating a database or direct marketing of its own products)
b) consent (including, in particular, consent to e-mail marketing or telemarketing). - A request by the user to delete personal data or to cease its processing may result in the complete inability to provide services or a significant limitation thereof.
- We place particular emphasis on the issue of profiling and note that:
a) for profiling purposes, we generally process data that was previously encrypted using SSL;
b) we use typical data for this purpose: e-mail address, IP address, or Cookies
c) we profile to analyse or predict the personal preferences and interests of users of our Websites, products, or services, and to tailor the content on our Websites or in our products to those preferences
d) we profile for marketing purposes, i.e., to tailor marketing offers to the preferences mentioned above. - We undertake to act in accordance with applicable laws and the principles of social coexistence.
- Information on out-of-court settlement of consumer disputes. The authorized entity under the Act on Out-of-Court
Settlement of Consumer Disputes is the Financial Ombudsman, whose website address is as follows: www.rf.gov.pl.
§6 Basic Safety Rules
- Every user should ensure the security of their own data and the security of their devices used to access the Internet. Such a device must have antivirus software with a regularly updated database of virus definitions, types, and variants, a secure version of the web browser they use, and a firewall enabled. Users should verify that their operating system and installed programs have the latest and most compatible updates, as attacks often exploit vulnerabilities found in installed software.
- Access credentials for online services – such as usernames, passwords, PINs, and digital certificates – should be stored in a
location inaccessible to others and impossible to hack from the internet. They should not be disclosed or stored on a device in a form that allows unauthorized access and reading by unauthorized people. - Be cautious when opening strange attachments or links in e-mails you did not expect, e.g., from unknown senders or from the spam folder.
- We recommend enabling anti-phishing filters in your web browser—tools that verify whether a displayed website is legitimate and not being used to obtain information fraudulently, such as by impersonating a person or organization.
- Files should be downloaded exclusively from trusted sources, websites, and platforms. We do not recommend installing software from unverified sources, especially from unknown publishers with an unproven reputation. This also applies to mobile devices, such as smartphones and tablets.
- When using a home Wi-Fi network, choose a password that is secure and difficult to crack; it should not be a pattern or sequence of characters that is easy to guess (e.g., a street name, the homeowner’s name, a birthday, etc.). It is also recommended to use the highest possible Wi-Fi encryption standards that are compatible with your equipment, such as
WPA2.
§7 Use of Social Media Plugins
- Plugins from social media platforms such as facebook.com, x.com, and others may be present on our websites. The associated services are provided by Meta Platforms Inc. and X Corp., respectively.
- Facebook is operated by Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA. To view Facebook plugins, go to: https://developers.facebook.com/docs/plugins
- X (formerly Twitter) is operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. To view X plugins, go to: https://dev.x.com/web/tweet-button
- The plugin only provides its’ provider with information about which of our web pages you accessed and when. If, while viewing or browsing our website, you are logged into your account on, for example, Facebook or X, the provider is able to link your interests, information preferences, and other data—such as when you click the “Like” button, leave a comment, or enter a profile name in the search bar. This information will also be transmitted directly to the provider via your browser.
- For more detailed information about how Facebook or X collects and uses data, as well as about privacy protection, please visit the following pages:
a) Data protection/privacy advice from Facebook: http://www.facebook.com/policy.php
b) Data protection/privacy advice from X: https://x.com/privacy - To prevent Facebook or X from recording your visit to our website while using your account, you must log out of your
account before browsing our website.