Download App

Privacy Policy

 

PocketPretty Holdings Incorporated (referred to below as “Lella”, “we”, “us” or “Administrator”) aims to maintain its users’ privacy. 

By using the Lella Services (including our Website and Mobile Application) you are consenting to the disclosures described in and the terms of this Privacy Policy (the “Policy”). 

PocketPretty Holdings Incorporated process all personal data of its users and other person with the utmost care and diligence for the personal data and keeping it safe. PocketPretty Holdings Incorporated complies in particular with the terms and conditions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the Canadian Personal Information Protection and Electronic Documents Act.

All the services on the Website and Mobile Application, are all directed to people who are at least 18 years old or older – according to Terms and Conditions all Users of the Website must be at least 18 years old. This Policy is not intended for use by children. Our website is not designed or intentionally targeted at children. We do not knowingly collect or maintain information about anyone under the age of 18. If you are under the age of eighteen (18) and wish to create an account, your parent or legal guardian must create the Account, submit your personal information, and agree to these Terms of Use on your behalf.  If we learn that we have collected personal information from someone under the age of 18 that was not provided with the supervision and consent of the minor’s parents or legal guardian, we will promptly delete that information. If you believe we have impermissibly collected personal information from someone under the age of 18, please contact us using the information below.

 

Definitions

  1. Personal data administrator, Administrator – PocketPretty Holdings Incorporated, 412-142 Roncesvalles Ave, Toronto, ON, M6R2N2
  2. Personal data – all information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected for via cookies and other similar technology.
  3. Policy – this privacy policy.
  4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  5. Website – Website under the address: www.lella.co and Mobile Application Lella.
  6. User – any natural person visiting the Website or using one or several services or functionalities described in the Policy.

What information do we collect?

We collect information from you when you register on our Website place an order, subscribe to our newsletter, respond to a survey, or fill out a form. When ordering or registering on our Website, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, and credit card information. You may, however, visit our site anonymously. We are accountable for all personal information which we collect that is in our possession or custody, including any personal information which is disclosed when registering on our site, placing an order, subscribing to our newsletter, responding to a survey, or filling out a form.

Personal data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies) and who are not registered Users (i.e. persons without an account profile in the Website) are processed by the Administrator:

  1. In order to provide services electronically in the scope of making content collected in the Website available to Users, providing contact forms – then the legal basis for processing is the necessity of processing to perform the contract (art. 6 paragraph 1 letter b of the GDPR);
  2. To handle complaints – then the legal basis for processing is the necessity of processing to perform the contract (art. 6 paragraph 1 letter b of the GDPR);
  3. for analytical and statistical purposes – then the legal basis for processing is the justified interest of the Administrator (art. 6 paragraph 1 letter f of the GDPR) consisting in conducting analyzes of Users’ activity as well as their preferences in order to improve the functionalities and services provided;
  4. In order to possibly determine and assert claims or defend against them – the legal basis for processing is the justified interest of the Administrator (art. 6 paragraph 1 letter f of the GDPR) consisting in the protection of his rights;
  5. To personalize your experience (your information helps us to better respond to your individual needs);
  6. To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you);
  7. To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs);
  8. To administer a contest, promotion, survey or other site feature;
  9. To send periodic emails.

The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.

Your personal information will not be sold, exchanged, transferred, or given to any other company or third party for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested and within the frames covered herein. We do not share your information with any third parties except as disclosed herein. We may provide personal information to third parties within our network, as well as to subcontractors and suppliers (who shall be bound by privacy obligations), to assist us in delivering the product purchased or service requested by you. Your personal data will be shared with the service providers, registered on the Website, but only if you choose to share your personal data with the said providers in order to obtain a service. 

Personal information will not be used or disclosed for purposes other than those for which it was collected, except with your consent or as required by law. We will retain your personal information for as long as necessary to fulfill the purposes for which the information was collected. If your personal information is to be used or disclosed for a different purpose than which it was collected, we will inform you. We may also use the data about your chosen services, preferences etc. and make them available to third parties for marketing purposes or market research. In this situation your personal data will not be disclosed to third parties who will only receive the aggregate and always anonymous data.

The Administrator provides the opportunity to contact him using electronic contact forms. Using the form requires providing personal data necessary to contact the User and answer the query. The User may also provide other data to facilitate contact or to handle the query. Providing data marked as mandatory is required in order to receive and service the query, and failure to do so results in the inability to service. Providing other data is voluntary.

Personal data is processed:

  1. in order to identify the sender and service his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (art. 6 paragraph 1 letter b of the GDPR);
  2. for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (art. 6 paragraph 1 letter f GDP) consisting in keeping statistics of queries submitted by Users via the Website in order to improve its functionality.

Marketing purposes

The Administrator processes Users’ personal data in order to carry out marketing activities that may consist of:

  1. displaying marketing content relevant to the User’s interests (behavioural advertising);
  2. sending e-mail notifications about interesting offers or content, which in some cases contain commercial information;

In order to implement marketing activities, the Administrator uses profiling in some cases. This means that due to automatic data processing, the Administrator assesses selected factors regarding natural persons in order to analyze their behaviour or create a forecast for the future.

The Administrator processes Users’ personal data, including personal data collected via cookies and other similar technologies, for marketing purposes in connection with directing behavioural advertising to Users (i.e. advertising that is tailored to the User’s preferences). The processing of personal data also includes User profiling. The use of personal data collected through this technology for marketing purposes is based on the legitimate interest of the Administrator and only on condition that the User has consented to the use of cookies. Consent to the use of cookies can be expressed through the appropriate configuration of the browser, and can also be withdrawn at any time, in particular by clearing the cookie history and disabling cookies in your browser settings.

This consent may be withdrawn at any time.

If the User has agreed to receive marketing information via e-mail, the User’s personal data will be processed for the purpose of sending such information. The basis for data processing is the legitimate interest of Administrator consisting in sending marketing information within the limits of consent given by the User (direct marketing). The User has the right to object to data processing for the purposes of direct marketing, including profiling. The data will be stored for this purpose for the duration of the legally legitimate interest of Administrator, unless the User objects to receiving marketing information.

 

Social Media

The Administrator processes personal data of Users visiting the Administrator’s profiles kept in social media. These data are processed only in connection with maintaining a profile, including to inform Users about the Administrator’s activity and to promote various types of events, services and products, as well as to communicate with users through the functionalities available in social media. The legal basis for the processing of personal data by the Administrator for this purpose is his legitimate interest (art. 6 paragraph 1 letter f GDPR) consisting in promoting his own brand and building and maintaining the brand-related community.

This site uses plugins for the social networks of the following providers.

These plugins usually collect data from the User by default and send it to the server of the respective provider. We have taken up an appropriate technical measures to protect the User’s privacy so that the providers of individual plug-ins cannot collect User’s data without obtaining their consent. When the User visits a website associated with a given plugin, the plugin will be initially disabled. Unless the User clicks the appropriate symbol, the plug-in will remain disabled. Clicking on the symbol will enable the plug-in and will mean giving consent to send data to the appropriate provider. Legal basis for using plugins: art. 6 clause 1 lit. a) and f) GDPR.

Enabled plugins also collect personal data, such as the User’s IP address, and send it to the server of the respective provider, where the data is saved. When the User visits the relevant website, the enabled plugin configures a cookie with a unique identifier. This allows the provider to generate User behavior profiles. This is the case even if the User is not a user of the provider’s social network. If the User belongs to the provider’s social network and logs in to the website during his visit, his data and information about his visit to this website may be associated with his profile in the relevant social network. Administrator has no influence on the extent to which User data is collected by the relevant provider. For more information on the scope, specifics and purpose of data processing as well as privacy protection rights and options, please refer to the data protection information published by relevant social network providers. This information is available on the following websites:

  1. Facebook: https://www.facebook.com/policy.php
  2. Instagram: https://help.instagram.com/519522125107875?helpref=page_content
  3. Youtube: https://support.google.com/youtube/topic/2803240?hl=en&ref_topic=6151248

Facebook and/or Google registration

We provide User with the option of registering and logging in via a Facebook and/or Google account. If the User registers through Facebook or Google, Facebook or Google will ask him for consent to share us specific data from the User’s Facebook or Google account. This data may include the User’s name and email address to enable us to verify User’s identity and gender. They may also contain general data about the User’s location, a link to his Facebook or Google profile, time zone data, date of birth, profile picture, data on likes and the User’s list of friends. 

These data will be collected by Facebook or Google and sent to us in accordance with the principles set out in the data rules in force on Facebook or Google. Using Facebook’s or Google’s privacy settings, the User can control the data that we receive from Facebook or Google. 

This data will be used to create, share and personalize your account. Legal basis: art. 6 clause 1 lit. a), b) and f) GDPR.

If the User signs up to Website via Facebook, the User’s account will be automatically linked to his Facebook account, and information about any User’s actions on the Website will be made available on Facebook and published on the User’s timeline and in his message channel.

 

Newsletter

Pursuant to art. 6 clause 1 lit. a) GDPR User may agree to receive a newsletter from us, which contains information on our current offers. To receive our newsletter, you only need to enter your email address on the Website in the given space. Providing additional, specially marked data is voluntary. This data will enable us to personalize messages sent to the User. After receiving appropriate confirmation from the User, we will save the User’s email address to send him newsletters. Legal basis: art. 6 clause 1 lit. a) GDPR.

The User may at any time withdraw his consent to send him the newsletter and unsubscribe from it. To report your intention to withdraw your consent contact us.

Whenever we send the User a newsletter, it aims, among other things, to assess his behaviour. Therefore, email messages with the newsletter contain web beacons (also called tracking pixels), which are also stored by us. We then combine data on the User’s behaviour with the use of web beacons with the e-mail address and User’s individual ID. 

Based on the data obtained in this way, we generate a User profile to tailor the newsletter to the individual interests of a given User. To this end we register when the User reads the newsletters received from us and which links they contain are clicked by the User, and determines the User’s individual interests mentioned. Then, this data is linked by us with information on the User’s behaviour on website. 

The User may at any time withdraw consent to such monitoring by contacting us. The collected data will be stored as long as the User expresses interest in receiving the newsletter. When the User unsubscribes from the newsletter, this data will be stored by us only for statistical purposes and in anonymous form. 

However, monitoring is not possible if viewing images in the user’s e-mail application is deactivated by default. In this case, the newsletter will not be displayed in full, and the User will not be able to use some of the newsletter functions. Monitoring will, however, take place if the User displays the images manually.

 

Google Analytics

The Website uses Google Analytics for website analysis, offered by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States. The Universal Analytics operating mode is used. This allows you to assign data, sessions and interactions from various devices to the identifier of the User using a nickname and thus allows the analysis of actions taken by that User from the level of observed devices. 

Google Analytics uses cookies that enable an analysis of how the User uses Website. The data generated by the cookie as a result of the User’s use of Website are usually transmitted to a Google server in the United States and saved there. However, if IP anonymization is activated on the Website, in accordance with the Agreement on the European Economic Area in the Member States of the European Union or other countries that have signed this agreement, the User’s IP address will be shortened earlier. The full IP address will be transmitted to a Google server in the United States (and shortened there) only in exceptional circumstances. The IP address sent from the User’s browser in the context of Google Analytics will not be combined with other Google data. Google will use this information at the request of the Website operator to evaluate how you use this Website, so that you can compile reports on website activity and provide other services related to the website and Internet use to the Website operator. The processing of data for these purposes is also in the legitimate interest of Administrator. Legal basis for using the Google Analytics service: art. 6 clause 1 lit. f) GDPR. Data sent by us and associated with cookie files, User data (such as User ID) and promotional identifiers are deleted after 14 months from the date the User recently used Website services. Data whose storage period has expired is automatically deleted once a month. For more information on the terms and conditions of using this service and data protection, please visit https://www.google.com/analytics/terms/pl.html and https://policies.google.com/?hl=en.

Users can prevent cookies from being saved by selecting the appropriate settings in their browser. In this case, however, the User will not be able to fully use all the functions of the Website. The User may also prevent Google from collecting and processing data generated by cookies and data related to the User’s use of the website (including his IP address) by downloading and installing the add-on available at https://tools.google.com/dlpage/gaoptout?hl=pl. Opt-out cookies mean that User data will no longer be collected when the User visits Website. To prevent data collection from different devices in Universal Analytics mode, the User must perform the opt-out procedure on all systems they use. To set a opt-out cookie, click here: Disable Google Analytics.

 

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We have in place reasonable commercial standards of technology and operational practices to protect the information provided by visitors and users of our website from unauthorized use, disclosure, copying, or modification.

We offer the use of a secure server. All supplied sensitive and/or credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those authorized with special access rights to such systems, who are required to keep the information confidential.

The Administrator conducts risk analysis on an ongoing basis to ensure that personal data are processed by him in a secure manner – ensuring, first of all, that only authorized persons have access to the data and only to the extent that it is necessary due to that performed by no tasks. The administrator ensures that all operations on personal data are recorded and carried out only by authorized employees and colleagues.

The Administrator shall take all necessary actions so that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data at the request of the Administrator.

We have implemented reasonable technical, physical, administrative, and organizational safeguards to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.  Please be aware that despite our efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not liable for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

 

Do we use cookies?

Yes. Cookies are small files that a website or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the website’s or service provider’s systems to recognize your browser and capture and remember certain information. 

The Administrator uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to him use cookies, storing information or gaining access to information already stored in the User’s telecommunications terminal device (computer, telephone, tablet, etc.). Cookies used for this purpose include:

  1. Cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
  2. Authentication cookies used for services that require authentication for the duration of the session (authentication cookies);
  3. Cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies);
  4. Session cookies of multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
  5. Persistent cookies used to personalize the User interface for the duration of the session or a little longer (user interface customization cookies),
  6. Cookies used to remember the contents of the basket for the duration of the session (shopping cart cookies);

The Administrator also uses cookies for marketing purposes, including in connection with targeting behavioral advertising to Users. For this purpose, the Administrator stores information or gains access to information already stored in the User’s telecommunications terminal device (computer, telephone, tablet, etc.). The use of cookies and personal data collected through them for marketing purposes requires the consent of the User. This consent may be expressed through the appropriate configuration of the browser, and may also be withdrawn at any time, in particular by clearing the cookie history and disabling cookies in the browser settings.

If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services and aspects of our website may not function properly 

 

Period of processing the personal data

We will process personal data for the duration of User’s registration on the Website and the time necessary to demonstrate performance of the contract, i.e. for the duration of the limitation period for claims.

After User deletes the account on the Website his/her data will be stored by us only for statistical purposes and in anonymous form.

 

User’s entitlements

Data subjects have the following rights:

    1. The right to information on the processing of personal data – the Administrator provides information on the processing of personal data, including primarily the purposes and legal grounds for processing, the scope of data held, entities to whom personal data is disclosed and the planned date of their removal;
    2. The right to obtain a copy of the data – the Administrator provides a copy of the processed data regarding the person making the request;
    3. Right to rectification – the Administrator removes any incompatibilities or errors regarding personal data being processed, and supplements or updates them if they are incomplete or have changed;
    4. The right to delete data (the so-called right to forget) – is the basis for requesting the deletion of data whose processing is no longer necessary to achieve any of the purposes for which it was collected;
    5. The right to limit processing – the Administrator ceases to carry out operations on personal data, with the exception of operations to which the data subject has consented and their storage, in accordance with the adopted retention rules, or until the reasons for limiting data processing cease (e.g. a decision will be issued supervisory authority authorizing further processing of data);
    6. The right to transfer data – to the extent that data is processed in connection with the concluded contract or expressed consent, the Administrator issues data provided by the person to whom they relate, in a format that can be read by a computer. It is also possible to request that the data be sent to another entity – provided that both the Administrator and another entity to which the data are sent have appropriate technical conditions enabling such transmission;
    7. The right to object to the processing of data for marketing purposes – the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such an objection;
    8. The right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data on the basis of the justified interest of the Administrator (e.g. for analytical or statistical purposes or for reasons related to the protection of property). An objection in this respect should contain a justification and is subject to the Administrator’s assessment;
    9. The right to withdraw consent – if the data are processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of this consent;
    10. Right to complain – if it is considered that the processing of personal data violates the provisions of the GDPR or other provisions regarding the protection of personal data, the data subject may submit a complaint to the President of the Office for Personal Data Protection.

An application regarding the exercise of the rights of data subjects, together with an indication of which request we make, can be submitted:

  1. In writing to the address of the seat of Administrator: ____________________________;
  2. By email at the Administrator email address: [email protected];

If the Administrator will not be able to determine the content of the request or identify the person submitting the application based on the application, he will ask the applicant for additional information.

Answers to applications will be given within one month of receipt. If it is necessary to extend this period, the Administrator will inform the applicant about the reasons for such extension.

The answer will be given to the e-mail address from which the application was sent, and in the case of applications sent by letter, by ordinary letter to the address indicated by the applicant, unless the content of the letter indicates the desire to receive feedback to the e-mail address (in this case you must provide an email address).

 

Data recipients

In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for operating IT systems, entities such as payment operators, entities providing accounting, legal, auditing, consulting services, couriers (in connection with the implementation of the order).

The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.

We do not sell, trade, or otherwise transfer to outside parties your personal information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our website policies (including our Terms of Service and this Policy), or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. We may also use the data about your chosen services, preferences etc. and make them available to third parties for marketing purposes or market research. In this situation your personal data will not be disclosed to third parties who will only receive the aggregate and always anonymous data.

As you browse our website and other websites, online ad networks we work with may place anonymous cookies on your computer, and use similar technologies, in order to understand your interests based on your (anonymous) online activities, and thus tailor more relevant ads to you. If you do not wish to receive such tailored advertising, you can opt out of most companies that engage in such advertising. This will not prevent you from seeing ads; the ads simply will not be delivered through these targeting methods.

Website may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.

External service providers and partner entities, including online payment service providers and communication services agents, will only receive User data to the extent necessary to process your request. In such cases, the scope of transmitted data is limited to the necessary minimum. If these service providers are in contact with your personal data, we will guarantee that pursuant to art. 28 of GDPR, these suppliers also met the requirements set out in data protection regulations at every stage of order processing. The User should at the same time read the content of the privacy policy of the respective provider. Such provider is responsible for the content of external services, but we verify these services to a reasonable extent in terms of compliance with legal requirements. User data is primarily processed in the EU / EEA. However, we may also use the services of providers that process data outside the EU / EEA. In such cases, we will ensure that the recipient has ensured an adequate level of protection for such data before providing the User’s personal data. This means that the level of data protection is achieved as a result of concluding contracts that comply with the EU standard or by taking a decision stating the appropriate level of protection, comparable to the standard in force in the EU.

 

Changes to our Privacy Policy

We may amend this Policy from time to time. If such amendments affect how we use or disclose personal information already held by us in any material way, we will obtain the consent of the individuals affected. Notwithstanding the general terms of this Policy, the collection, use, and disclosure of personal information may be made outside of the terms herein to the extent provided for in any applicable privacy or other legislation in effect from time to time. We may disclose personal information to another entity purchasing (including for due diligence purposes prior to purchase) the assets of [legal name], provided that entity abides a similar privacy policy.

Any individual has a right to challenge the compliance of our organization to this Policy at any time. We will take due care and diligence in assessing and investigating complaints. If a complaint is found to be justified, we will take the appropriate measures to rectify the complaint. If necessary, we will amend this Policy and our practices.

If we decide to change this Policy, we will update the Privacy Policy modification date below.

This Policy was last modified on May 1, 2020.

We strongly recommend that you periodically review this Policy to be informed about how we are protecting your information.

 

Terms and Conditions

For more information on the extent to which this Policy applies, please visit our Terms of Service establishing the use, disclaimers, and limitations of liability governing the use of our website.

 

Contacting Us

If there are any questions regarding this privacy policy or you feel that your concerns have not been addressed by this privacy policy you may contact us.