§ 1 General Provisions

1. The Administrator of the personal data of the users of the website located under the domain www.noo.ma is NOOMA Sp. z o.o., with its registered seat: 9C/2 Woźna Street, 61-777 Poznań, REGON 368871652, Polish TIN (NIP): 7831768262, entered in the National Register of Entrepreneurs kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, VIII Economic Department of the National Court Register, KRS 0000706965, share capital: PLN 5,000 paid in full (hereinafter: "Administrator")
2. The Service has designated an electronic contact point for direct communication with the authorities of the Member States, the Commission, the Council for Digital Services: [email protected]. The same contact point can be used by any Customer for direct and prompt communication with the Service. The Service can also be contacted in writing, at its address: ul. Woźna 9C/2, 61-777 Poznań, or via the contact form available on the website. Communication may be conducted in Polish or English.
3. The purpose of the Policy is to define the actions taken regarding personal data collected through the Administrator's website and related services and tools used by its users, as well as in the context of concluding and performing contracts outside the website.
4. In the event of necessity, the provisions of this Policy may be subject to change. Any change will be communicated to users by announcing the new content of the Policy, and in the case of a database of individuals who have consented to the processing of data by email or have provided email data in the execution of contracts, they will also be notified of the change by email.

§ 2 Legal Basis for Processing, Purposes, and Storage of Personal Data

1. Personal data of users are processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act of May 10, 2018, and the Act on the Provision of Electronic Services of July 18, 2002, along with subsequent amendments to the aforementioned laws.
2. The Administrator may collect the following data for the following purposes:
   

   Purpose of data processing	Legal basis processing and data retention period	Data retention period	Scope of data processed
   Performing a contract with the customer or taking action at the request of the data subject before entering into the aforementioned contracts	Article 6(1)(b) of the GDPR (performance of a contract).	During the term of the aforementioned agreement until the expiration of the legal obligation associated with accounting. Data will be processed until the expiration of the period in which claims can be pursued.	First and last name; Email address; Phone number; Address (street, house number, apartment number, postal code, city, country), Company name, Tax Identification Number (NIP)
   Direct marketing	Article 6(1)(f) of the GDPR (legitimate interests pursued by the Administrator). The Administrator may process data for direct marketing purposes only after obtaining consent and in the absence of objection from the data subject.	Until the withdrawal of consent – remember, you can withdraw your consent at any time. Processing data until the withdrawal of your consent remains lawful. Data will be processed until the expiration of the period in which claims can be pursued.	Email address; Phone number;
   Marketing	Article 6(1)(a) of the GDPR (consent)	Until the withdrawal of consent – remember, you can withdraw your consent at any time. Processing data until the withdrawal of your consent remains lawful. Data will be processed until the expiration of the period in which claims can be pursued. Until unsubscribing from the newsletter.	First and last name; Email address; Phone number; Address (street, house number, apartment number, postal code, city, country),
   Expression of opinion by the client	Article 6(1)(a) of the GDPR	In the absence of expressing an opinion for a period of 30 days from the date of your purchase or until objection to processing is considered; Upon expressing an opinion - until its deletion or until objection to processing is considered. Data will be processed until the expiration of the period in which claims can be pursued.	First and last name; Email address; Phone number;
   Bookkeeping	Article 6(1)(c) of the GDPR in conjunction with Article 86 § 1 of the Tax Ordinance Act dated January 17, 2017 (Journal of Laws of 2017, item 201) or Article 74(2) of the Accounting Act dated January 30, 2018 (Journal of Laws of 2018, item 395).	Data will be processed until the expiration of the period in which claims can be pursued. Data is stored for the period required by the laws mandating the retention of tax records (until the expiration of the limitation period for the tax obligation, unless tax laws provide otherwise) or accounting records (5 years, counting from the beginning of the year following the financial year to which the data pertains).	First and last name; Email address; Phone number; Address (street, house number, apartment number, postal code, city, country), Tax Identification Number (NIP); Company name;
   Issuing a refund	Execution of the Agreement or taking action at the request of the data subject before entering into the Agreement (Article 6(1)(b) of the GDPR).	5 years after the termination of business relations with the client	First and last name; Email address; Phone number; PESEL (Polish personal identification number); Address (street, house number, apartment number, postal code, city, country), Business entity data.
   Establishment, pursuit, or defense of claims that the Administrator may assert or that may be asserted against the Administrator.	Article 6(1)(f) of the GDPR	Data is stored for the duration of our legitimate interest, but no longer than the limitation period for claims against the data subject arising from our business activities.	First and last name; Email address; Phone number; Address (street, house number, apartment number, postal code, city, country), Tax Identification Number (NIP); Company name.
   Conducting research and analysis to improve the functionality of available services	Article 6(1)(f) of the GDPR	Data will be processed until the expiration of the period in which claims can be pursued. Until the expiration of the validity or deletion of cookies files used for analytical purposes.	Company name; Email address; Phone number; Address (street, house number, apartment number, postal code, city, country), Computer components; Settings; Installed software.
   Registration of customer account	Execution of the Agreement or taking action at the request of the data subject before entering into the Agreement (Article 6(1)(b) of the GDPR).	5 years after the termination of business relations with the client.	First and last name; Email address; Phone number; PESEL (Polish personal identification number); Address (street, house number, apartment number, postal code, city, country), Business entity data.
   Sending notifications to the customer	Execution of the Agreement or taking action at the request of the data subject before entering into the Agreement (Article 6(1)(b) of the GDPR) Fulfillment of a legal obligation incumbent on the Administrator (Article 6(1)(c) of the GDPR)	5 years after the termination of business relations with the client.	First and last name; Email address; Phone number; PESEL (Polish personal identification number); Address (street, house number, apartment number, postal code, city, country), Business entity data.
   Providing customer support	Execution of the Agreement or taking action at the request of the data subject before entering into the Agreement (Article 6(1)(b) of the GDPR)	5 years after the termination of business relations with the client. 2 years after the last update of the customer's inquiry.	First and last name; Email address; Phone number; Address (street, house number, apartment number, postal code, city, country); Business entity data.
   Proper functioning of the service	Maintaining the performance of the service and its improvement (Article 6(1)(f) of the GDPR)	5 years after the termination of business relations with the client	Same as above, Information about activities performed on the website (button clicks, visit duration, read notifications, other information depending on the specific business case).
   Tracking website visits for security reasons	Protection and security of the service, customer interests, ensuring customer security (Article 6(1)(f) of the GDPR)	3 years	User ID, IP address, Browser, Content and URLs accessed by the user, Date and time of connections.
   Protecting customers from the use of disclosed login passwords	Protection and security of the service, customer interests, ensuring customer security (Article 6(1)(f) of the GDPR)	The time necessary for the administrator to verify the password.	User ID, Customer's password.
   Enabling the customer to reset their password	Protection and security of the service, customer interests, ensuring customer security (Article 6(1)(f) of the GDPR)	5 years after the termination of business relations with the client	First and last name; Email address; Business entity data; Customer's password; User ID.
   Supervising compliance with regulations, agreements, privacy policy	Protection and security of the service, customer interests, ensuring customer security (Article 6(1)(f) of the GDPR)	5 years after the termination of business relations with the client	Transaction data, Business entity data.
   Considering requests regarding personal data.	Article 6(1)(c) of the GDPR	The period of existence of the legitimate interest of the Administrator, but no longer than the limitation period for claims against the data subject arising from the business activities.	First and last name; Email address; Phone number; Address (street, house number, apartment number, postal code, city, country), Tax Identification Number (NIP); Company name.
   Providing information to law enforcement authorities and other state institutions.	Article 6(1)(c) of the GDPR	The period of existence of the legitimate interest of the Administrator, but no longer than the limitation period for claims against the data subject arising from the business activities.	First and last name; Email address; Phone number; Address (street, house number, apartment number, postal code, city, country); Tax Identification Number (NIP); Company name.

   
   
   
3. Personal data of users are stored no longer than necessary to achieve the purpose of processing, i.e., until the withdrawal of consent if the processing is based on such consent, until the expiration of claims of the Administrator and the other party in the scope of performance of concluded agreements (in the case of sales agreements/service provision agreements for 2 years, counting until the end of the year), and until the completion of handling an email inquiry or until the resolution of a complaint. After this period, the personal data of the Client will be processed by the Administrator on the basis of Article 6(1)(f) of the GDPR, i.e., for purposes arising from the legitimate interests pursued for the needs of conducted marketing campaigns.
4. To the extent necessary for the proper functioning of the website, its functionality, and the proper conduct of payment transactions (if conducted through the website), the website uses User metadata. Metadata refers to the process of reading and recognizing by the website's computer system the configuration and components of the user's computer to tailor the website to its capabilities and establish a secure connection between the user's computer and the website. Importantly, such metadata cannot lead to the identification of the User, nor are they harmful to the data stored on the computer. Nevertheless, the User has the right to withdraw consent to the processing of metadata at any time by appropriately configuring their browser or downloading a relevant plugin provided by the browser manufacturer. To do this, consult with the software manufacturer and its recommendations.
5. Personal data of users, obtained due to the execution of a user account management agreement, are stored for a period of 2 years from the last purchase made through it and no longer than 3 years from this activity.
6. The Administrator may use profiling for direct marketing purposes, but decisions made by the Administrator on its basis do not concern the conclusion or refusal to conclude an agreement, or the possibility of using electronic services. The result of profiling may include, for example, granting a discount to a specific person, sending them a discount code, reminding them of unfinished purchases, sending them a product proposal that may correspond to the interests or preferences of that person, or offering better terms compared to the standard offer. Despite profiling, the individual freely decides whether to take advantage of the discount received in this way or better terms and make a purchase. Profiling involves the automatic analysis or prediction of the behavior of a particular person on the Administrator's website, e.g., by adding a specific product to the cart, browsing a specific product page, or by analyzing the previous history of activity on the website. The condition for such profiling is that the Administrator has the personal data of the individual to subsequently send them, for example, a discount code.
7. To the extent necessary for the proper functioning of the website, its functionality, the website may, when used by the User, collect other information, including, among others:
   
   
   • IP address;
   • Information about the device, hardware, and software, such as hardware identifiers, mobile device identifiers (e.g., Apple Identifier for Advertising ["IDFA"] or Advertising ID on an Android device ["AAID"]),
   • Platform type,
   • Approximate geolocation data (developed based on IP address or device settings);
   • Data regarding the internet browser, including browser type and preferred language;
     
     
8. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of infringement of the rights or freedoms of individuals of varying likelihood and severity of the threat, the Administrator implements appropriate technical and organizational measures to ensure that the processing complies with the regulation and to be able to demonstrate this. These measures are subject to reviews and updates as necessary. The Administrator employs technical measures to prevent unauthorized access to and modification of personal data transmitted electronically.

§ 3 Data sharing

1. The Administrator ensures that all collected personal data are used for the fulfillment of obligations towards users. This information will not be disclosed to third parties except in situations where:
   • Prior explicit consent of the individuals concerned will be obtained for such action, or
   • If the obligation to transfer this data arises or will arise from applicable legal regulations, e.g., law enforcement authorities.
2. Additionally, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients:
   
   • Suppliers of services providing the Administrator with technical, IT, and organizational solutions, enabling the Administrator to conduct business activities, including the website and electronic services provided through it (in particular, software suppliers, marketing agencies, email and hosting providers, software suppliers for business management and technical support to the Administrator, and product delivery operators) - The Administrator provides the collected personal data of the Client to selected suppliers acting on its behalf only in the case and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.
   • Accounting, legal, and advisory service providers ensuring accounting, legal, or advisory support to the Administrator (in particular, accounting firms, law firms, or debt collection companies) - The Administrator provides the collected personal data of the Client to selected suppliers acting on its behalf only in the case and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.
3. The Administrator may disclose anonymized data (i.e., data that do not identify specific users) to external service providers to better understand the attractiveness of advertisements and services for users. In this regard, due to the location of software providers, data may be transferred – while adhering to the principles of their protection – to third countries. However, these countries must ensure standard contractual clauses approved by the European Commission regarding the processing of personal data or have appropriate authorizations for such actions based on bilateral data processing agreements between the European Union and the respective third country, provided it is not a member of the European Economic Area. The entities in question, in the case of the Administrator, are:
   
   • Google LLC (headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used for analyzing statistics of websites, Google Tag Manager used for managing scripts by easily adding code snippets to the website or application and tracking user actions on the website, Google Ads used for displaying sponsored links in Google search engine results and on partner sites within the Google AdSense program, Google Workspace allowing comprehensive website editing and coordination of work by individuals working on it (including Google Drive, Gmail, Google Sheets, Google Forms, Google Looker studio);
   • Meta Platforms, Inc. (headquarters: 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook pixel used for tracking conversions from Facebook portal ads, optimizing them based on collected data and statistics, and building a targeted audience list for future advertisements.
   • TikTok Technology Limited (headquarters: 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) for tracking conversions from TikTok portal ads, optimizing them based on collected data and statistics, and building a targeted audience list for future advertisements.
   • Pinterest Inc. (headquarters: 651 Brannan Street, San Francisco, CA 94107, USA) for tracking conversions from Pinterest portal ads, optimizing them based on collected data and statistics, and building a targeted audience list for future advertisements.
   • Hotjar Limited (headquarters: Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta) for analytical tools for analyzing website statistics and tracking user actions on the website;
   • Microsoft Corporation (headquarters: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) for Microsoft Clarity analytical tools for analyzing website statistics and tracking user actions on the website;
   • Flickr, Inc. (headquarters: Suite 200, 67 E Evelyn Avenue, Mountain View, CA 94041, USA) for Flickr pixel used for tracking the use of images from the Flickr website on web pages.
4. The Administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection.
5. The Administrator continuously conducts a risk analysis to ensure that personal data processed by it are done so securely - primarily ensuring that only authorized persons have access to the data and only to the extent necessary for the tasks they perform. The Administrator ensures that all operations on personal data are recorded and carried out only by authorized employees and collaborators.
6. The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities also provide a guarantee of applying appropriate security measures whenever they process personal data on behalf of the Administrator.
7. Third-party website analytics technologies integrated with the Administrator's services (including SDK [Software Development Kit] and API [Application Program Interfaces]) may combine data collected in connection with the user's use of the Administrator's website with information gathered separately over time and/or across different platforms. Many of these companies collect and use information based on their own data protection policies, which can be found on their websites. The Administrator encourages reviewing these policies.
8. The Administrator's website may use Google Analytics functionality, a website traffic analysis service provided by Google, LLC. ("Google"). Google Analytics uses cookies to assist website operators in analyzing how visitors use the site. Information generated by cookies about the use of the website by visitors is generally transmitted to Google and stored by it on servers in the United States. According to current IT standards, IP addresses of users visiting the Administrator's website are truncated. Only in exceptional cases is the complete IP address sent to a Google server in the United States and then truncated there. At the Administrator's request, Google will use this information to evaluate the website for its users, compile reports on website traffic, and provide other services related to website traffic and internet usage for website operators. Google will not associate the IP address transmitted via Google Analytics with any other data held by it. More information on how Google Analytics collects and uses data can be found on Google's official website at: www.google.com/policies/privacy/partners. Additionally, any user can prevent Google from collecting and processing data regarding their use of the website by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout.
9. When providing data to third parties, the Administrator makes every effort to ensure that it is done only to entities that meet the criteria and requirements indicated within Article 46 or 49 of the GDPR. In appropriate cases, the Administrator will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union of July 16, 2020, the Administrator continues to assess the legal system of countries to which data is transferred and, where necessary, updates measures to ensure appropriate levels of protection.
10. Regarding data transferred to the United States, when providing data to third parties, the Administrator makes every effort to ensure that this is done in accordance with the decision of the European Commission of July 10, 2023, only to entities and organizations in the USA that ensure compliance with the new "EU-US Data Privacy Framework". The list of these organizations has been published by the US Department of Commerce. The transfer of personal data from the EEA to organizations that have joined the "EU-US Data Privacy Framework" program and are on this list is possible without the need for additional permits or the use of legal instruments such as standard contractual clauses or binding corporate rules. However, in cases where a given data importer in the USA has not joined the "EU-US Data Privacy Framework" program, the transfer of personal data to it is possible and will be done after meeting the conditions specified in Article 46 or 49 of the GDPR. In such cases, the Administrator will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA.

§ 4 User rights

1. A user whose personal data is processed has the right to:
   • Access, rectification, restriction, erasure or portability  - the data subject has the right to request from the Administrator access to their personal data, their rectification, erasure ("right to be forgotten"), or restriction of processing, and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the aforementioned rights are specified in Articles 15-21 of the GDPR.
   • Withdrawal of consent at any time - the data subject whose data is processed by the Administrator based on consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
   • Lodging a complaint with the supervisory authority - the data subject whose data is processed by the Administrator has the right to lodge a complaint with the supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office in Warsaw.
   • Right to object - the data subject has the right at any time to object, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interests pursued by the controller) of the GDPR, including profiling based on those provisions. In such cases, the Administrator may no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
   • Right to object to direct marketing - if personal data are processed for direct marketing purposes (based on the legitimate interest of the Administrator, not on the consent of the data subject), the data subject has the right at any time to object to the processing of their personal data for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
2. The enforcement of the aforementioned rights is carried out based on the user's request sent to the email address: [email protected]. Such a request should include the user's first and last name.
3. The user ensures that the data provided or published by them on the service are accurate.

§ 5 Cookies

1. By "cookies," computer data, specifically text files, stored on end-users' devices (usually on the hard drive of a computer or on a mobile device) for saving specific settings and data through the user's browser to enable the use of websites, are understood. These files allow the user's device to be recognized and display the website appropriately, ensuring comfort during its use. Storing "cookies" thus enables the proper preparation of the website and offerings based on the user's preferences - the server recognizes and remembers, among other things, preferences such as visits, clicks, and previous actions.
2. The following Cookies are used on the website:
   

   Cookie	Domain	Description	Type
   keep_alive	noo.ma	-	Other
   secure_customer_sig	noo.ma	Shopify sets this cookie file in connection with customer login.	Necessary
   localization	noo.ma	Flickr sets this cookie file for the purpose of tracking the usage of photo galleries embedded on the Flickr website.	Funkcjonalny
   cart_currency	noo.ma	Shopify sets this cookie file to remember the user's country of origin and introduce the correct currency for transactions.	Necessary
   _cmp_a	noo.ma	-	Other
   _tracking_consent	noo.ma	-	Other
   _shopify_y	noo.ma	This cookie file is associated with the Shopify analytical package.	Analitics
   _shopify_s	noo.ma	This cookie is associated with the Shopify analytics package.	Analitics
   _orig_referrer	noo.ma	Shopify sets this cookie file for use in connection with the shopping cart.	Necessary
   _landing_page	noo.ma	Shopify installs this cookie file to track landing pages.	Analitics
   CLID	www.clarity.ms	Microsoft Clarity sets this cookie file to store information about how visitors interact with the website. The cookie helps provide an analytical report. The collected data includes the number of visitors, the location from which they visit the website, and the pages visited.	Analitics
   _shopify_sa_t	noo.ma	Shopify sets this cookie file for marketing and referral purposes.	Analitics
   _shopify_sa_p	noo.ma	Shopify sets this cookie for marketing and referral purposes.	Analitics
   popup-module	noo.ma	-	Other
   _clck	noo.ma	Microsoft Clarity sets this cookie file to retain the Clarity user ID and settings exclusively for this website. This ensures that actions taken during subsequent visits to the same website are associated with the same user ID.	Analitics
   _hjSessionUser_*	noo.ma	Hotjar sets this cookie file to ensure that data from subsequent visits to the same website is attributed to the same user identifier, which remains within the Hotjar user identifier unique to this website.	Analitics
   _hjSession_*	noo.ma	Hotjar sets this cookie file to ensure that data from successive visits to the same website is attributed to the same user identifier, which remains within the Hotjar user identifier unique to this website.	Analitics
   _ga	noo.ma	Google Analytics sets this cookie file to calculate visitor, session, and campaign data, as well as track website usage for website analytics reporting purposes. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.	Analitics
   _gid	noo.ma	Google Analytics sets this cookie file to store information about how visitors use the website, while simultaneously creating an analytical report regarding the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.	Analitics
   _gat	noo.ma	Google Universal Analytics sets this cookie file to limit the number of requests, thereby reducing data collection on high-traffic websites.	Peformance
   cart	noo.ma	Shopify sets this cookie file to ensure connectivity with the shopping cart.	Necessary
   cart_ts	noo.ma	Shopify sets this cookie file, which is used in connection with completing purchases.	Analitics
   cart_sig	noo.ma	Shopify sets this cookie file in connection with completing purchases in the store.	Necessary
   __kla_id	noo.ma	Klaviyo sets this cookie file to gather information about visitor behavior. This information is utilized for internal analysis and website optimization. It also records whether the visitor has subscribed to the newsletter.	Analitics
   shopify_pay_redirect	noo.ma	Shopify sets this cookie file to enable secure online payments and transaction processing.	Necessary
   _clsk	noo.ma	Microsoft Clarity sets this cookie file to store and consolidate user sessions in a single session record.	Analitics
   SM	.c.clarity.ms	The Microsoft Clarity cookie sets this cookie file to synchronize the MUID identifier across Microsoft domains.	Analitics
   MUID	.clarity.ms	Bing sets this cookie file to recognize unique web browsers visiting Microsoft websites. This cookie is used for advertising purposes, website analytics, and other operations.	Advertisement
   MUID	.bing.com	Bing sets this cookie file to recognize unique web browsers visiting Microsoft websites. This cookie is used for advertising purposes, website analytics, and other operations.	Advertisement
   MR	.c.bing.com	This cookie, set by Bing, is used to collect user information for analytical purposes.	Analitics
   SRM_B	.c.bing.com	Used by Microsoft Advertising as a unique identifier for visitors.	Performance
   MR	.c.clarity.ms	This cookie, set by Bing, is used to collect user information for analytical purposes.	Analitics
   ANONCHK	.c.clarity.ms	The ANONCHK cookie, set by Bing, is used to store the user's session identifier and verify ad clicks on the Bing search engine. This cookie also assists in reporting and personalization.	Advertisement
   _ps_session	.noo.ma	-	Other
   intercom-id-*	.noo.ma	Intercom sets this cookie file, which allows visitors to see any conversations they have had on Intercom's pages.	Necessary
   intercom-session-*	.noo.ma	Intercom sets this cookie file, which enables visitors to view any conversations they have conducted on Intercom's pages.	Necessary
   intercom-device-id-*	.noo.ma	Intercom sets this cookie file, which allows visitors to view any conversations they have had on Intercom's pages.	Necessary
   last_cart_lead	.noo.ma	-	Other
   gscs	.noo.ma	The gscs cookie registers data regarding the behavior of visitors to the website. It is used for personalization and interest targeting.	Analitics
   key	.noo.ma	-	Other
   wpm-domain-test	.noo.ma	-	Other
   _pay_session	shop.app	Shopify sets this cookie file to enable secure purchase transactions and payment functionality on the website.	Necessary
   id	stamped.io	Set by Google DoubleClick, this cookie file is used to create user profiles for displaying relevant advertisements.	Advertisement

   
   
3. "Cookies" contain, in particular, the domain name of the website from which they originate, the duration of their storage on the end user's device, and a unique number used to identify the browser connecting to the website.
4. Cookies are used for the purpose of:
   • Adapting the content of websites to user preferences and optimizing the use of websites,
   • Creating anonymous statistics that, by helping determine how users use websites, enable the improvement of their structures and content,
   • Providing users of the website with advertising content tailored to their interests.
     
     "cookies" do not serve to identify the user, and their use does not establish the user's identity.
5. The fundamental division of "cookies" consists of distinguishing between:
   
   • Essential cookies - these are absolutely necessary for the proper functioning of the website or the functionality that the user wishes to use, as without them, we could not provide many of the services we offer. Some of them also ensure the security of services provided electronically.
   • Functional cookies - they are important for the operation of the website because:
     

     - They enrich the functionality of websites; without them, the website will function correctly, but it will not be tailored to the user's preferences.
     - They ensure a high level of functionality for websites; without them, the level of functionality of the website may decrease, but their absence should not prevent full use of it.
     - They serve most of the functionalities of websites; blocking them will cause selected functions not to work properly.

   • Business cookies - they enable the implementation of the business model on which the website is based; blocking them will not make the entire functionality unavailable, but it may lower the level of service provision due to the inability of the website owner to realize revenues subsidizing its operation. Advertising cookies belong to this category.
   • Configuration cookies - they enable the settings of functions and services on websites.
   • Security and reliability cookies - they enable the verification of authenticity and optimization of the performance of websites.
   • Authentication cookies - they inform when the user is logged in, allowing the website to display appropriate information and functions.
   • Session state tracking cookies - they save information on how users use the website. They may concern the most frequently visited pages or any error messages displayed on some pages. Session state cookies help improve services and increase browsing comfort.
   • Process cookies - they enable the efficient operation of the website and its available functions.
   • Advertising support cookies - they enable the display of ads that are more interesting to users and more valuable to publishers and advertisers; cookies can also be used to personalize ads, as well as to display ads outside of websites.
   • Location access cookies - they enable the adjustment of displayed information to the user's location.
   • Analytics, research, or audit cookies - they enable website owners to better understand their users' preferences and improve and develop products and services through analysis. Usually, the website owner or a research company anonymously collects information and processes data about trends without identifying individual users' personal data.
   • Harmless cookies - they include cookies necessary for the correct functioning of the website and needed to enable the functionality of the website, but their operation has nothing to do with user tracking.
   • Tracking cookies - they are used to track users, but they do not include information allowing (without other data) to identify a specific user.
6. The use of cookies to customize the content of websites to user preferences generally does not involve the collection of any information allowing for user identification, although this information may sometimes constitute personal data, i.e., data enabling certain behaviors to be assigned to a specific user. Personal data collected using cookies may only be collected for the purpose of performing specific functions for the user. Such data is encrypted in a way that prevents unauthorized access to it.
7. The cookies used by this website are not harmful to the user or the end device used by them, so it is recommended not to disable their support in browsers for the proper functioning of the service. In many cases, software used for browsing websites (web browser) by default allows the storage of information in the form of cookies and other similar technologies on the end user's device. The user can change the way cookies are used through the browser at any time. To do this, you should change the browser settings. The method of changing settings varies depending on the software used (web browser). You will find appropriate instructions on subpages, depending on the browser you are using.
8. Cookies are also used to facilitate logging into the user's account, including via social media, and to enable navigation between subpages on websites without the need to log in again on each subpage. At the same time, cookies are used to secure websites, e.g., to prevent unauthorized access.
9. As part of cookie technology, the Administrator may use tracking pixels or clear GIF files to collect information about how the user uses its services and their response to marketing messages sent via email. A pixel is a software code that allows embedding an object, usually a pixel-sized image, on a website, which enables tracking user behavior on the websites where it is placed. After giving appropriate consent, the browser automatically establishes a direct connection with the server storing the pixel, so the processing of data collected by the pixel is done within the data protection policy of the partner administering the aforementioned server.
10. The Administrator may use web log files (which contain technical data such as the user's IP address) to monitor traffic within its services, resolve technical issues, detect and prevent fraud, and enforce the provisions of the User Agreement.
11. The Administrator informs that the website does not respond to Do Not Track (DNT) signals; however, the user can disable certain forms of tracking on the internet, including some analytics and personalized advertising, by changing the cookie settings in their browser or using our cookie consent tools (if applicable).
12. Detailed information on changing cookie settings and deleting them independently in the most popular web browsers is available in the help section of the web browser and on the following pages (simply click on the link):
    
    • Google Chrome
    • Mozilla Firefox
    • Microsoft Edge
    • Opera
    • Safari macOS
    • Safari iOS/iPad OS
13. Detailed information on managing cookies on a mobile phone or other mobile device should be found in the user manual of the respective mobile device.

§ 6 Klarna Payments

In order to offer customers payment options provided by Klarna, the Administrator will transfer personal data to Klarna, such as contact details and order data. This allows Klarna to assess whether customers subject to assessment can use the payment options offered by Klarna and tailor the payment options to their needs. General information about Klarna is available here. Customer personal data is processed by Klarna in accordance with applicable personal data protection regulations and in accordance with the information contained in Klarna's privacy policy.

§ 7 E-mail advertising registration for the newsletter

• If you subscribe to our newsletter, we will use the data required while subscribing or separately communicated by you, in order to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 Para. 1 S. 1 lit. GDPR.
• You can unsubscribe from the newsletter at any time either by sending a message to the support team ([email protected]) or use a link provided in the newsletter. After unsubscribing, we will delete your e-mail address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and which we will inform you about in this declaration.