Privacy policy

Privacy Policy

The following Privacy Policy defines the rules for storing and accessing data on Users' Devices using the Service for the purpose of providing electronic services by the Administrator, as well as the rules for collecting and processing Users' personal data provided voluntarily through the tools available on the Service.

This Privacy Policy is an integral part of the Service’s Terms and Conditions, which define the rights and obligations of Users using the Service.

§1 Definitions

Service – the online service “Fruttii.com” operating at the address https://fruttii.com

External Service – online services of partners, service providers, or contractors cooperating with the Administrator

Service / Data Administrator – the Administrator of the Service and personal data (hereinafter referred to as the Administrator) is the company “Szkółka ‘Clematisy. M.K.J. Wędrowscy,” conducting business at: ul. Sportowa 1a, 83-211 Kolincz, Poland, Tax ID (NIP): 9570721698, providing electronic services via the Service.

User – a natural person for whom the Administrator provides services via the Service.

Device – an electronic device with software through which the User accesses the Service.

Cookies – text data collected in the form of files placed on the User’s Device.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Personal Data – information about an identified or identifiable natural person.

Processing – any operation performed on personal data such as collection, storage, modification, retrieval, disclosure, or deletion.

Restriction of Processing – marking stored personal data to limit its future processing.

Profiling – automated processing of personal data used to evaluate certain personal factors of a natural person.

Consent – voluntary, specific, informed, and unambiguous indication of the data subject’s wishes by which they agree to the processing of their personal data.

Personal Data Breach – a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Pseudonymization – processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without additional information.

Anonymization – an irreversible process of transforming data that destroys or overwrites “personal data,” preventing identification or linkage to a specific user.

§2 Data Protection Officer

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For matters related to data processing, including personal data, please contact the Administrator directly.

§3 Types of Cookies

  • Internal Cookies – files placed and read from the User’s Device by the Service’s IT system.
  • External Cookies – files placed and read from the User’s Device by IT systems of external services integrated with the Service.
  • Session Cookies – temporary files deleted after the session ends.
  • Persistent Cookies – files stored until manually deleted or automatically removed based on browser settings.

§4 Data Storage Security

Cookie mechanisms – Cookies are exchanged between the Service and the User’s Device through web browser mechanisms and cannot retrieve data from other websites or the User’s device.

Internal Cookies – safe and do not contain scripts or content harmful to the User’s data or device.

External Cookies – the Administrator selects trusted global partners but cannot guarantee the content or safety of third-party cookies.

User control – the User can modify cookie storage and access settings at any time in their web browser.

Information on disabling cookies in popular browsers:

  • Chrome
  • Opera
  • Firefox
  • Edge
  • Safari

The User can delete all stored cookies using tools provided by their device.

User-side risks – despite the Administrator’s efforts, the User is also responsible for their data security.

Storage of personal data – the Administrator ensures secure storage, limited access, and appropriate physical and organizational safeguards.

Password storage – passwords are stored in encrypted form using the latest standards; decryption is practically impossible.

§5 Purposes of Using Cookies

  • Improving and facilitating access to the Service
  • Personalizing the Service for Users
  • Enabling login to the Service
  • Marketing and remarketing on external platforms
  • Statistics and analytics (visits, device types, etc.)
  • Providing social media functionalities

§6 Purposes of Processing Personal Data

Voluntarily provided personal data are processed for:

  • User account registration and management
  • Newsletter service (including promotional content with consent)
  • Commenting and liking content without registration
  • Sharing content on social media
  • Communication between Administrator and Users
  • Fulfilling legitimate interests of the Administrator

Anonymous data are processed for:

  • Statistics
  • Remarketing
  • Fulfilling legitimate interests of the Administrator

§7 Cookies of External Services

The Service uses scripts and components of partners that may place their own cookies on the User’s Device.

Examples of such partners and services:

  • Social services / sharing: Twitter, Facebook
  • Content sharing: Pinterest, WhatsApp
  • Newsletter service: SALESmanago
  • Statistics: Google Analytics, PrestaShop Stats, Facebook Analytics for Apps
  • Other services: Google Maps

Third-party services are beyond the Administrator’s control and may change their terms or privacy policies at any time.

§8 Types of Data Collected

The Service collects both anonymous and voluntary personal data.

Anonymous data collected automatically:

  • IP address
  • Browser type
  • Screen resolution
  • Approximate location
  • Visited pages
  • Session duration
  • Operating system
  • Referrer URL
  • Browser language
  • Internet speed
  • ISP
  • Demographic data (age, gender)

§9 Access to Personal Data by Third Parties

As a rule, the Administrator is the only recipient of Users’ personal data.

However, data may be accessed (under a data processing agreement) by entities providing:

  • Hosting and server maintenance
  • Newsletter distribution services
  • Online payment processing
  • Postal or courier delivery services

Newsletter Processing: The Administrator uses SALESmanago for newsletter services. Data entered into the newsletter form are stored and processed by this external provider.

Hosting Services: The Service is hosted by zenbox sp. z o.o. (Poland). Data may be accessed during technical maintenance.

Online Payments: Online payments are processed by Stripe. Necessary data for transaction execution are transferred to the Administrator.

Courier Services: In the case of delivery, data required for shipping are shared with the selected courier or postal operator.

§10 Method of Data Processing

  • Personal data are not transferred outside the EU, except for voluntarily published data (e.g., comments).
  • Personal data are not subject to automated decision-making (profiling).
  • Personal data are not sold to third parties.
  • Anonymous data may be transferred outside the EU.
  • Anonymous data are not used for automated decisions.
  • Anonymous data are not sold to third parties.

§11 Legal Basis for Data Processing

  • GDPR (EU) 2016/679
  • Art. 6(1)(a) – consent of the data subject
  • Art. 6(1)(b) – performance of a contract
  • Art. 6(1)(f) – legitimate interest of the Administrator
  • Polish Data Protection Act of 10 May 2018
  • Telecommunications Law of 16 July 2004
  • Copyright and Related Rights Act of 4 February 1994

§12 Data Retention Period

Personal data: Stored only as long as necessary for service provision, and deleted or anonymized within 30 days after service termination.

Exception: retained up to 3 years for legal purposes in case of violations or suspected breaches.

Anonymous data: May be stored indefinitely for statistical purposes.

§13 User Rights Regarding Personal Data

  • Access to their personal data
  • Rectification of inaccurate data
  • Request deletion of their data
  • Restriction of data processing
  • Data portability
  • Objection to processing
  • Lodging a complaint with the supervisory authority

Newsletter subscribers can unsubscribe using a link in every email.

§14 Contact with the Administrator

Postal address: Szkółka ‘Clematisy. M.K.J. Wędrowscy, ul. Sportowa 1a, 83-211 Kolincz, Poland

Email: info@fruttii.com

Contact form: https://fruttii.com/contact-us

§15 Service Requirements

Restricting cookie use may cause malfunction of certain Service features. The Administrator is not responsible for such issues resulting from User-side limitations.

§16 External Links

The Service may contain external links. The Administrator is not responsible for the content or safety of external websites linked from the Service.

§17 Changes to the Privacy Policy

The Administrator reserves the right to modify this Privacy Policy at any time.

Changes concerning anonymous data or cookies may be made without prior notice.

Changes concerning personal data processing will be communicated via email to registered Users or Newsletter subscribers within 7 days of modification.

Continued use of the Service implies acceptance of the updated Privacy Policy.

The new version takes effect upon publication on this page.