top of page

Privacy Policy

This Privacy Policy (hereinafter: the "Policy") provides information on the processing of your personal data in connection with the use of the LATO BRAND online store, operating at latobrand.pl (hereinafter: the "Store").

All capitalized terms not otherwise defined in this Policy shall have the meaning assigned to them in the Terms and Conditions.

The Controller of your personal data is Lato Brand, conducting unregistered business activity.

Contact with the Controller

In all matters related to the processing of personal data, you can contact the Controller via:

Personal Data Protection Measures

The Controller applies modern organizational and technical security measures to ensure the best possible protection of your personal data and guarantees processing in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter: "GDPR"), the Act of 10 May 2018 on the Protection of Personal Data, and other relevant data protection regulations.

Information on Processed Personal Data

Using the Store requires the processing of your personal data. Below is detailed information regarding the purposes, legal grounds, processing periods, and whether providing data is mandatory or voluntary.

1. Conclusion and Performance of the Account Service Agreement

  • Processed data: Name and surname, e-mail address.

  • Legal basis: Art. 6(1)(b) GDPR (processing is necessary for the performance of a contract or to take steps prior to entering into a contract).

  • Requirement: Providing data is a condition for concluding the agreement. Failure to provide data will result in the inability to create an Account.

2. Conclusion and Performance of the Sales Contract

  • Processed data: Name and surname, e-mail address, phone number, residential address (street, house/apartment number, city, postal code, country), delivery address (if different).

  • Legal basis: Art. 6(1)(b) GDPR (performance of the Sales Contract).

  • Requirement: Necessary for the performance of the contract. Data will be processed until the expiry of the limitation period for claims.

3. Complaint Proceedings

  • Processed data: Name and surname, e-mail address.

  • Legal basis: Art. 6(1)(c) GDPR (compliance with a legal obligation, including responding to complaints under the Consumer Rights Act).

  • Processing period: For the duration of the complaint procedure and until the limitation of claims.

4. E-mail Notifications

  • Processed data: E-mail address.

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest – informing the Client about activities related to the performance of Agreements).

  • Processing period: Until an effective objection is lodged or the purpose is achieved.

5. Customer Inquiry Support

  • Processed data: Name and surname, e-mail address.

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest – responding to inquiries).

6. Product Availability Notifications

  • Processed data: E-mail address.

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest – informing about restocked items).

7. Compliance with Data Protection Obligations

  • Processed data: Name, surname, contact details.

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest – fulfilling GDPR compliance and protecting against claims).

8. Analysis of Activity in the Store

  • Processed data: Date and time of visit, IP address, operating system, approximate location, browser type, time spent, viewed products.

  • Legal basis: Art. 6(1)(f) GDPR (legitimate interest – obtaining information about user activity to improve the Store).

Data Recipients

Personal data will be shared with the following external entities cooperating with the Controller:

  • Hosting company;

  • Logistics operators and courier companies;

  • Online payment providers;

  • Entities providing analytical and marketing tools (e.g., Google Analytics).

Data may also be transferred to public authorities if required by law or a binding court/administrative decision.

Your Rights

Under the GDPR, you have the following rights:

  • Right of access: To obtain information about your data and a copy of it.

  • Right to rectification: To correct inaccurate or incomplete data.

  • Right to erasure ("Right to be forgotten"): In specific cases (e.g., data no longer necessary, withdrawal of consent).

  • Right to data portability: To receive your data in a structured format.

  • Right to withdraw consent: At any time (without affecting the lawfulness of processing before withdrawal).

  • Right to restriction of processing: To pause operations on your data in certain situations.

  • Right to object: Against processing based on the Controller's legitimate interest.

  • Right to lodge a complaint: With the President of the Personal Data Protection Office (PUODO) if you believe processing violates the GDPR.

Cookies

The Store uses "cookies" installed on your terminal device. These are small text files read by the Controller's system or third-party systems (e.g., Google, Facebook).

Purpose of Cookies:

  • Store functionality: Ensuring smooth navigation and use of features.

  • Browsing comfort: Detecting errors and continuous improvement.

  • Statistics: Analyzing how users use the Store.

  • Marketing: Delivering advertisements tailored to your preferences.

You can manage cookie settings via the panel at the bottom of the website or through your browser settings. Disabling cookies may limit certain Store functionalities.

Final Provisions

For matters not covered by this Policy, generally applicable data protection laws shall apply. This Policy is effective as of September 1, 2025.

bottom of page