Privacy policy
The provision of personal data and consent to its processing is entirely voluntary. Any personal data provided to us will be processed solely for the purposes and to the extent to which you have given your consent. In the event that you choose not to provide us with the data necessary to fulfill your order and do not consent to its processing, we regret to inform you that we will be unable to process your order.
Please be informed that you have the right to access, modify, or delete your personal data at any time. You may exercise these rights independently or by contacting us for assistance.
Our company adheres to a rigorous data protection policy. Your personal data is secure with us and we are committed to continually enhancing our security measures. We believe that reading our privacy policy will assure you of the safety of your information and allow you to enjoy your shopping experience at www.smallhumandesign.com
1. General Information
1.1. This policy pertains to the Website operating under the domain name: smallhumandesign.com
1.2. The data controller and operator of the Website is Innovative Furniture Corporation (trading as Small Human Design), registered at: Cieśle 5, 29-105 Krasocin
1.3. The operator’s contact email address is: info@smallhumandesign.com
1.4. The operator acts as the data controller for personal data voluntarily provided by Users on the Website.
1.5. The Website processes personal data for the following purposes: 1.5.1. Handling inquiries submitted via the contact form 1.5.2. Providing ordered services
1.6. The Website collects information about Users and their behavior in the following ways:
1.6.1. Through data voluntarily entered into forms and subsequently processed by the Operator’s systems.
1.6.2. Through the use of cookies stored on Users’ devices.
2. Security Measures Employed by the Data Controller
2.1. Data transmission to and from the login and data entry points is secured using SSL encryption. This ensures that personal data and login credentials are encrypted on the user’s device and can only be decrypted on the designated server.
2.2. Personal data stored in the database is encrypted using a secure encryption algorithm, which can only be decrypted by the Data Controller. This provides an additional layer of security in the event of a data breach.
2.3. User passwords are stored in a hashed format. This one-way cryptographic function renders the passwords irreversible, aligning with industry best practices for password storage.
2.4. The Data Controller implements regular password rotations for administrative accounts.
2.5. The Operator conducts regular data backups to mitigate the risk of data loss.
2.6. To maintain a robust security posture, the Operator ensures that all software used for processing personal data is kept up-to-date, including regular updates of software components.
3. Hosting
3.1. The Website is hosted on servers provided by a third-party hosting provider.
3.2. To ensure the technical reliability of the Website, the hosting provider maintains server logs. The following data may be recorded in these logs: 3.2.1. Uniform Resource Locators (URLs) of requested resources,
3.2.2. Timestamps of requests and responses,
3.2.3. Client hostname as identified by the HTTP protocol,
3.2.4. Details of any errors encountered during HTTP transactions,
3.2.5. Referrer URLs, indicating the preceding webpage from which the user navigated to the Website,
3.2.6. User-agent strings identifying the user’s browser, 3.2.7. IP addresses,
3.2.8. Diagnostic data related to the self-service ordering process,
3.2.9. Data related to the handling of emails sent to and from the Operator.
4. Your Rights and Additional Information on Data Processing
4.1. In certain circumstances, the Controller may disclose your personal data to third parties if this is necessary for the performance of a contract or to comply with a legal obligation. Such third parties include:
4.1.1. the hosting provider acting as a data processor
4.1.2. authorized employees and contractors who process data for the purposes of operating the website
4.2. Your personal data will be retained by the Controller only for as long as is necessary to fulfill the purposes for which it was collected, including legal and accounting requirements. Marketing data will be retained for no longer than 3 years.
4.3. You have the right to request from the Controller:
4.3.1. access to your personal data
4.3.2. rectification of inaccurate personal data
4.3.3. erasure of your personal data
4.3.4. restriction of processing of your personal data
4.3.5. data portability
4.4. You have the right to object to the processing of your personal data for direct marketing purposes, including profiling. However, this right may be limited in certain circumstances.
4.5. You have the right to lodge a complaint with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw. 4.6. Providing personal data is voluntary but necessary for using the Service.
4.7. Automated decision-making, including profiling, may be used in relation to you to provide services under the contract and for direct marketing purposes.
4.8. Your personal data will not be transferred outside the European Union.
5. Information Submitted via Forms
5.1. The Service collects personal data and other information that is voluntarily provided by the user.
5.2. The Service may log connection parameters, such as timestamps and IP addresses.
5.3. In certain instances, the Service may record information to link form data to the user’s email address. This is achieved by including the email address within the URL of the form page.
5.4. The purpose of processing data submitted via forms is determined by the specific function of each form. For example, data may be processed to handle service requests, sales inquiries, or to register for services. The purpose of each form is clearly explained.
6. Administrator Logging
User activity on the website may be logged for administrative purposes.
7. Significant Marketing Techniques
The Controller employs statistical analysis of website traffic through Google Analytics (Google Inc., headquartered in the USA). To protect user privacy, only anonymized data is shared with Google Analytics. The service relies on the use of cookies stored on the user’s device. Users can review and manage the information collected by Google’s advertising network through the following link: https://www.google.com/ads/preferences/
8. Cookie Policy
8.1. This Service uses cookies.
8.2. Cookies are small text files stored on your device to enhance your browsing experience. They typically contain information about the website, the duration of storage, and a unique identifier.
8.3. The Service Operator places and accesses these cookies.
8.4. Cookies serve the following purposes:
8.4.1. Maintaining user sessions, eliminating the need for repeated logins.
8.4.2. Supporting the marketing activities described in the section entitled “Important marketing techniques”.
8.5. The Service uses both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a specified period).
8.6. You can control and manage cookies through your browser settings. You can choose to accept or decline cookies, or to be notified when a cookie is being placed on your device.
8.7. Please note that disabling cookies may limit your ability to use certain features of this Service.
8.8. Third-party cookies, such as those from Google, Facebook, and Twitter, may also be used in connection with this Service.
9. Cookie Management
Users who wish to restrict or block cookies can do so through their browser settings. Please note that disabling certain cookies may limit your ability to use all features of our website.
To manage your cookie preferences, please refer to the following instructions for your specific web browser:
Edge
Internet Explorer
Chrome
Safari
Firefox
Opera
For mobile devices:
Android
Safari (iOS)
Windows Phone