Politique de confidentialité

Privacy Policy

Before you start shopping, please read this Privacy Policy, which sets out the most important rules for processing your personal data.

The owner of the store and the Data Administrator is Nutraway sp.z o.o. based in Łódź, ul. Prezydenta Gabriela Narutowicza 40/1, 90-135 Łódź, NIP: PL7252316522.

If you want to contact us about any matter, write to: kontakt@ollywell.pl or call +48 22 506 40 59

For the purposes described below, we collect and process the following personal data:

  1. Identification data. Data such as: First name, Last name, residential address are necessary to place an order, conduct the sales process, provide after-sales service, as well as set up a user account in our store.
  2. Contact details. Email address is required to place an order and register an account in our store. The email address may also be used to provide some features of our store. In terms of contacting users, we may also process our customers' phone numbers.
  3. Sales data. In order to fulfill our obligations to our customers and in connection with legal obligations, we may process sales data such as order number, payment data, delivery data, etc.
  4. Information about browsing the store's website. Data such as: access time, number of access cases, IP address and information about events (such as errors, crashes, restarts and updates to new versions) and other diagnostic, technical data, information about errors and usage, e.g. time and time of using services, search terms entered by the User on the device and any information stored in cookies placed on the User's device.
  5. Cookies. On our store's website, we use Cookies. These are IT data, most often text files, which are stored on the end device. They usually contain the name of the website they come from, storage time and number.

Your personal data is processed for the following purposes:

  1. Conducting the sales process — identification data, contact details - pursuant to Art. 6(1)(b) GDPR (necessity to conclude and/or perform a contract);
  2. Creating and maintaining a customer account — identification data, contact details, sales data - pursuant to Art. 6(1)(a) GDPR (consent) and pursuant to Art. 6(1)(b) GDPR (necessity to conclude and/or perform a contract for maintaining a user account);
  3. Handling complaints — identification data, contact details, sales data - pursuant to Art. 6(1)(b) GDPR (necessity to conclude and/or perform a contract);
  4. Contact regarding matters related to the implementation of the contract or the Administrator's offer — identification data, contact details, sales data - pursuant to Art. 6(1)(b) GDPR (necessity to conclude and/or perform a contract);
  5. Issuing invoices and fulfilling other obligations under tax law — identification data, contact details, sales data - pursuant to Art. 6(1)(c) GDPR (necessity to fulfill a legal obligation by the Company);
  6. Storage of unpaid inquiries - sales data — pursuant to Art. 6(1)(f) GDPR (legitimate interest of the Personal Data Administrator); the Company's legitimate interest is to keep statistics of unfulfilled orders in order to improve the quality of services provided.
  7. Direct marketing — contact details - pursuant to Art. 6(1)(a) GDPR (consent);
  8. Establishment, exercise or defense against claims identification data, contact details, sales data — pursuant to Art. 6(1)(f) GDPR (legitimate interest of the Personal Data Administrator); the Company's legitimate interest is to protect the property interest of the Company and users;
  9. Archival and evidential purposes, for the purpose of securing information that may serve to demonstrate facts- identification data, contact details, sales data — pursuant to Art. 6(1)(f) GDPR (legitimate interest of the Personal Data Administrator); the Company's legitimate interest is to have information needed, e.g., by state authorities;
  10. Analytical purposes, consisting, among others, of the analysis of data collected automatically when using the website Information about browsing the store's website, cookies — pursuant to Art. 6(1)(a) (consent) and Art. 6(1)(f) GDPR (legitimate interest of the Personal Data Administrator); the Company's legitimate interest is to learn about user activity;
  11. Website administration - Information about browsing the store's website, — pursuant to Art. 6(1)(f) GDPR (legitimate interest of the Personal Data Administrator); the Company's legitimate interest is the efficient management of the website;
  12. Posting a comment on the website - identification data, contact details — pursuant to Art. 6(1)(a) GDPR (consent);

You may withdraw your consent at any time, however, withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Providing all personal data is voluntary, however:

  • providing data such as name and email address is necessary to price the service and conclude a contract (without this data, providing the service will be impossible);
  • providing data such as name, email address, order number is necessary to consider a complaint, and in the case of a refund — also providing a residential address and bank account number (without this data, processing a complaint or refund will not be possible);
  • providing data such as name and surname or company name, registered office address, NIP number is necessary to issue an invoice for services and results from legal provisions (without this data, issuing an invoice will not be possible);

Your personal data may be disclosed to our couriers, lawyers, payment processing companies, hosting company, accounting firm, insurance company, company responsible for the ERP system, company responsible for customer service management, software providers, as well as entities supporting us in collecting opinions about our products and services. In addition, we may be obliged, e.g., on the basis of a legal provision, to provide your personal data to private and public entities.

The transfer of personal data to a third country or international organization follows the rules below. The Personal Data Administrator does not transfer your personal data to international organizations. In the event that personal data is transferred to entities outside the EEA, this will be done on the basis of expressed consent or to the extent necessary to perform the concluded contract. We inform you that in the case of transferring your personal data to entities outside the EEA, there is a risk of not ensuring an equivalent level of protection of your personal data resulting from the GDPR by the countries in which these entities are headquartered.

Your personal data will be stored:

  • for the duration of the contract — in the case of personal data processed for the purpose of concluding and performing the contract;
  • for a period of 3 years or 6 years + 1 year — in relation to personal data processed for the purpose of establishing, pursuing and defending claims (the length of the period depends on whether both parties are entrepreneurs or not)
  • for a period of 6 months — in relation to personal data that was collected when pricing the service, and at the same time the contract was not concluded immediately, i.e. processed for the purpose of possible conclusion of the contract;
  • for a period of 5 years — in relation to personal data processed in order to comply with tax obligations;
  • until consent is withdrawn or the purpose of processing is achieved, but not longer than 5 years — in relation to personal data processed on the basis of consent;
  • until an effective objection is raised or the purpose of processing is achieved, but not longer than 5 years — in relation to personal data processed on the basis of the legitimate interest of the Personal Data Administrator or for marketing purposes;
  • until the data becomes outdated or loses usefulness, but not longer than 3 years — in relation to personal data processed mainly for analytical purposes, the use of cookies and website administration.

Information about your rights in connection with the processing of personal data:

You have the right to: access the content of the data, request rectification of the data, request their deletion, restriction of processing, the right to data portability and the right to object to the processing of data.

You can submit a request to exercise your rights:

  • to the email address - kontakt@ollywell.pl
  • by mail to the address – ul. Prezydenta Gabriela Narutowicza 40/1, 90-135 Łódź

In the application, you should provide data that will allow us to clearly identify you.

You also have the right to lodge a complaint with the supervisory authority dealing with the protection of personal data - to the President of the Personal Data Protection Office, when you consider that the processing of your personal data is unlawful.

We make every possible effort to secure your personal data and protect it from the actions of third parties. We apply all necessary security measures for servers, connections and websites to protect data, in particular SSL encryption. All connections related to the execution of payments by our customers will be made via a secure encrypted connection. We inform you that the measures we have taken may prove insufficient if our customers themselves do not observe security rules. In particular, each user should keep their login and password to their account on the website confidential and not share them with third parties. We inform you that we never ask our customers for login data.