Privacy policy

Last updated: 21 February 2025

This Privacy Policy describes how HUMIO (“the Website” and any inflected form of the personal pronoun “we”) collects, uses, and discloses personal information of the User who visits the website or uses our services from the website, or makes a purchase on the website at wodahumio.pl (“Website”), or otherwise communicates with us in connection with the Website (collectively, “Services”). For the purposes of this Privacy Policy, the term “User” refers to the user of the Services, whether they are a customer, a website visitor, or any other individual whose information we collect in accordance with this Privacy Policy.

Please read this Privacy Policy carefully.

Data Controller

Your data controller is Maria Gryzło ZDROVENA, registered at ul. Cieszyńska 6/12, 30-015 Kraków, REGON: 492832877, NIP: 7341123931. If you have any questions about the processing of your data, please contact us at biuro@wodahumio.pl. 

Changes to this Privacy Policy

We may update this Privacy Policy, including to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the updated Privacy Policy on the Website and update the “Last updated” date accordingly and take any other steps required by applicable law.

Collection and Use of the User’s Personal Information

To provide the Services, we collect personal information about the User from various sources as described below. The personal information we collect and use depends on how the User interacts with us.

In addition to the specific uses described below, we may use personal information collected about the User to communicate with them, provide or improve the Services, comply with applicable legal obligations, enforce applicable Service terms, and protect or defend the Services, our rights, and the rights of our users or others.

Personal Information Collected

The types of personal information we obtain about the User depend on how the User interacts with the Website and uses our Services. “Personal information” refers to information that identifies, relates to, describes, or is capable of being associated with the User. The sections below describe the categories and specific types of personal information we collect.

Information Collected Directly from the User

Information the User provides to us directly through our Services may include:

  • Contact details, including the User’s name, address, phone number, and email address.
  • Order information, including the User’s name, billing address, shipping address, payment confirmation, email address, and phone number.
  • Account information, including username, password, security questions, and other information used for account security.
  • Customer service information, including information the User provides when communicating with us, for example via messages sent through the Services.

Certain features of the Services may require the User to provide specific information directly to us. The User is not required to provide such information, but failure to do so may prevent them from using or accessing certain features.

Collection of Usage Information

We may also automatically collect certain information about the User’s interactions with the Services (“Usage Data”). We may use cookies, pixels, and similar technologies (“Cookies”). Usage Data may include information about the User’s use of and access to the Website and their account, including device information, browser information, network connection data, IP address, and other information related to the User’s interactions with the Services.

Information Obtained from Third Parties

We may also obtain information about the User from third parties, including vendors and service providers who may collect information on our behalf, such as:

  • Companies operating the Website and Services, e.g., Shopify.
  • Our payment processors, who collect payment information (such as bank account, credit or debit card information, or billing address) to process the User’s payments and fulfill orders or provide services the User has purchased.
  • When the User visits the Website, opens or clicks our emails, or interacts with the Services or our ads, certain information may be automatically collected by us or third parties we work with, using online tracking technologies such as pixels, web beacons, SDKs, third-party libraries, and cookies.

Any information we obtain from third parties will be processed in accordance with this Privacy Policy. See also the section Third-Party Websites and Links below.

Use of the User’s Personal Information

  • Providing products and Services. We use the User’s personal information to provide Services, perform our contract with the User (including processing payments, fulfilling orders, sending notifications related to their account, purchases, returns, exchanges, or other transactions), creating and maintaining the User’s account, managing shipments, facilitating returns or exchanges, and enabling other account-related features. We may also enhance the User’s shopping experience by allowing Shopify to match the User’s account with other Shopify services they may use. In such cases, Shopify will process the User’s information in accordance with its Privacy Policy and Consumer Privacy Policy.
  • Marketing and advertising. We may use the User’s personal information for marketing and promotional purposes, such as sending marketing communications via email, SMS, or postal mail, and displaying advertising. This may include using the User’s information to better tailor Services and ads on the Website and elsewhere. If the User is located in the EEA, the legal basis for such processing is our legitimate interest in promoting our products under Art. 6(1)(f) GDPR.
  • Security and fraud prevention. We use the User’s personal information to detect, investigate, or act upon potential fraudulent, illegal, or malicious activities. If the User creates an account, they are responsible for maintaining the security of their login credentials. We strongly recommend not sharing usernames or passwords with anyone. If the User believes their account has been compromised, they should contact us immediately. For Users in the EEA, the legal basis is our legitimate interest in ensuring the security of our website under Art. 6(1)(f) GDPR.
  • Communication and service improvement. We use the User’s personal information to provide appropriate customer support and improve our Services. It is in our legitimate interest to respond to the User’s needs, provide efficient Services, and maintain business relationships under Art. 6(1)(f) GDPR.

Cookies

Our Website, like many other websites, uses cookies. More information about the cookies used by us in connection with Shopify’s operation of our store can be found at https://www.shopify.com/legal/cookies. We use Cookies to provide and improve the Website and Services (including remembering the User’s actions and preferences), conduct analytics, and better understand the User’s interactions with the Services (based on our legitimate interest in administering, improving, and optimizing the Services). We may also allow third parties and service providers to use cookies on the Website to better tailor services, products, and advertising.

Most browsers automatically accept cookies by default, but the User may configure their browser to delete or reject Cookies. Please note that disabling cookies may negatively affect the User’s experience and may cause some Services, including certain features and functionality, to operate improperly or become unavailable. Blocking Cookies may also not fully prevent us from sharing information with third parties, such as advertising partners.

Disclosure of Personal Information

We may disclose the User’s personal information to third parties under certain circumstances, such as to perform our contract, comply with the law, or for other reasons consistent with this Privacy Policy. These circumstances may include sharing personal information with:

  • Vendors or other third parties that provide services on our behalf (e.g., IT management, payment processing, data analytics, customer service, cloud storage, fulfillment, and shipping).
  • Business and marketing partners for service delivery and advertising purposes. These partners will use the User’s information in accordance with their own privacy statements.
  • Third parties when the User instructs us to disclose information or consents to such disclosure, for example, to ship products or use social media widgets or login integrations.
  • Affiliates or members of our corporate group, in our legitimate interest of operating a successful business.
  • In connection with business events such as mergers or bankruptcy, to meet legal obligations (including responding to subpoenas or similar requests), enforce Service terms, or protect the Services and rights of users or others.

We disclose the following categories of personal and sensitive personal information for the purposes described above under “How we collect and use personal information” and “How we disclose personal information”:

Category Categories of Recipients
  • Identifiers, such as basic contact information and certain order or account details.
  • Commercial information, such as order details, purchase information, and customer service data.
  • Internet or similar network activity information, such as Usage Data.
  • Geolocation data, such as IP-based or technology-based location information.
  • Vendors and third parties providing services on our behalf (e.g., internet service providers, payment processors, fulfillment or customer service partners, and data analytics providers)
  • Business and marketing partners
  • Affiliates

We do not use or disclose the User’s sensitive personal information without their consent or to infer characteristics about them.

With the User’s consent, we share personal information for advertising and marketing purposes.

Third-Party Websites and Links

The Website may contain links to websites or online platforms operated by third parties. If the User uses these links to visit websites not belonging to our affiliates, they should review the applicable privacy and security policies and other relevant terms of those websites. We do not guarantee or take responsibility for the privacy or security of such websites, including the accuracy, completeness, or reliability of information found on them. Information posted by the User in public or semi-public areas, including information shared on third-party social media platforms, may be visible to others without restrictions on use by us or third parties. The presence of such links does not constitute endorsement unless explicitly stated.

Children’s Data

The Services are not intended for use by children, and we do not knowingly collect personal information from children. If a parent or guardian believes that their child has provided personal information to us, they may contact us using the information below to request deletion.

As of the Effective Date of this Privacy Policy, we have no actual knowledge that we “share” or “sell” (as defined by applicable law) personal information of individuals under 16 years of age.

User Information Security and Retention

Please note that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Additionally, information transmitted by the User may not be secure during transmission. We recommend avoiding unsecure channels when sending sensitive or confidential information.

The retention period for personal information depends on various factors, such as whether we need the information to operate the User’s account, provide Services, meet legal obligations, resolve disputes, or enforce agreements and policies.

User Rights

Depending on the User’s place of residence, they may have some or all of the rights listed below concerning their personal information. These rights are not absolute and may apply only in certain circumstances. We may deny a request if permitted by law.

  • Right to know / right of access. The User may have the right to request access to the personal information we hold about them, including details on how their information is used and shared.
  • Right to deletion. The User may have the right to request that we delete the personal information we hold about them.
  • Right to correction. The User may have the right to request correction of inaccurate personal information.
  • Right to data portability. The User may have the right to receive a copy of their personal information and request its transfer to a third party under certain conditions and exceptions.
  • Right to opt out of sale, sharing, or targeted advertising. The User may have the right to prevent us from “selling” or “sharing” their personal information or processing it for purposes considered “targeted advertising” under applicable privacy laws. If the User visits the Website with a GPC opt-out signal enabled, we will treat it as a request to opt out, depending on the User’s location.
  • Restriction of processing. The User may request that we stop or restrict processing of their personal information.
  • Withdrawal of consent. Whenever we rely on consent for processing personal information, the User may withdraw such consent.
  • Appeal. If we deny a request, the User may have the right to appeal by responding directly to our decision.
  • Communication preferences. We may send promotional emails, and the User may unsubscribe at any time using the opt-out link. We may still send non-promotional messages, such as account or order updates.

The User may exercise these rights where indicated on the Website or by contacting us using the information below.

We will not discriminate against the User for exercising their rights. Before responding, we may need to collect information from the User (such as email address or account details) to verify their identity. Under applicable law, the User may designate an authorized agent to submit requests on their behalf. Before accepting such a request, we will require proof of authorization and may require the User to verify their identity with us. We will respond within the time required by applicable law.

Complaints

If the User has complaints about how we process their personal information, they may contact us using the information below. If the User is not satisfied with our response, they may—depending on their location—appeal our decision (by contacting us again) or submit a complaint to their local data protection authority. A list of EEA supervisory authorities is available here.

International Users

Please note that we may transfer, store, and process personal information outside the User’s country of residence. The User’s personal information may also be processed by employees, external service providers, and partners in these countries.

When transferring personal information outside Europe, we rely on approved transfer mechanisms such as the European Commission’s Standard Contractual Clauses or equivalent instruments adopted in the UK, unless the destination country is deemed to provide adequate protection.

Contact

If you have any questions about our privacy practices or this Privacy Policy or wish to exercise any of your rights, please contact us by phone or email at info@wodahumio.pl or write to us at Cieszyńska 6, Kraków, 30-015, PL.

For the purposes of applicable data protection laws and unless stated otherwise, we are the controller of your personal information.