PocketPretty Holdings Incorporated (referred to below as “Lella”, “we”, “us” or “Administrator”) aims to maintain its users’ privacy.
PocketPretty Holdings Incorporated process all personal data of its users and other person with the utmost care and diligence for the personal data and keeping it safe. PocketPretty Holdings Incorporated complies in particular with the terms and conditions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the Canadian Personal Information Protection and Electronic Documents Act.
- Personal data administrator, Administrator – PocketPretty Holdings Incorporated, 412-142 Roncesvalles Ave, Toronto, ON, M6R2N2
- Personal data – all information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected for via cookies and other similar technology.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Website – Website under the address: www.lella.co and Mobile Application Lella.
- User – any natural person visiting the Website or using one or several services or functionalities described in the Policy.
What information do we collect?
We collect information from you when you register on our Website place an order, subscribe to our newsletter, respond to a survey, or fill out a form. When ordering or registering on our Website, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, and credit card information. You may, however, visit our site anonymously. We are accountable for all personal information which we collect that is in our possession or custody, including any personal information which is disclosed when registering on our site, placing an order, subscribing to our newsletter, responding to a survey, or filling out a form.
Personal data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies) and who are not registered Users (i.e. persons without an account profile in the Website) are processed by the Administrator:
- In order to provide services electronically in the scope of making content collected in the Website available to Users, providing contact forms – then the legal basis for processing is the necessity of processing to perform the contract (art. 6 paragraph 1 letter b of the GDPR);
- To handle complaints – then the legal basis for processing is the necessity of processing to perform the contract (art. 6 paragraph 1 letter b of the GDPR);
- for analytical and statistical purposes – then the legal basis for processing is the justified interest of the Administrator (art. 6 paragraph 1 letter f of the GDPR) consisting in conducting analyzes of Users’ activity as well as their preferences in order to improve the functionalities and services provided;
- In order to possibly determine and assert claims or defend against them – the legal basis for processing is the justified interest of the Administrator (art. 6 paragraph 1 letter f of the GDPR) consisting in the protection of his rights;
- To personalize your experience (your information helps us to better respond to your individual needs);
- To improve our website (we continually strive to improve our website offerings based on the information and feedback we receive from you);
- To improve customer service (your information helps us to more effectively respond to your customer service requests and support needs);
- To administer a contest, promotion, survey or other site feature;
- To send periodic emails.
The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
Your personal information will not be sold, exchanged, transferred, or given to any other company or third party for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested and within the frames covered herein. We do not share your information with any third parties except as disclosed herein. We may provide personal information to third parties within our network, as well as to subcontractors and suppliers (who shall be bound by privacy obligations), to assist us in delivering the product purchased or service requested by you. Your personal data will be shared with the service providers, registered on the Website, but only if you choose to share your personal data with the said providers in order to obtain a service.
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with your consent or as required by law. We will retain your personal information for as long as necessary to fulfill the purposes for which the information was collected. If your personal information is to be used or disclosed for a different purpose than which it was collected, we will inform you. We may also use the data about your chosen services, preferences etc. and make them available to third parties for marketing purposes or market research. In this situation your personal data will not be disclosed to third parties who will only receive the aggregate and always anonymous data.
The Administrator provides the opportunity to contact him using electronic contact forms. Using the form requires providing personal data necessary to contact the User and answer the query. The User may also provide other data to facilitate contact or to handle the query. Providing data marked as mandatory is required in order to receive and service the query, and failure to do so results in the inability to service. Providing other data is voluntary.
Personal data is processed:
- in order to identify the sender and service his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (art. 6 paragraph 1 letter b of the GDPR);
- for analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (art. 6 paragraph 1 letter f GDP) consisting in keeping statistics of queries submitted by Users via the Website in order to improve its functionality.
The Administrator processes Users’ personal data in order to carry out marketing activities that may consist of:
- displaying marketing content relevant to the User’s interests (behavioural advertising);
- sending e-mail notifications about interesting offers or content, which in some cases contain commercial information;
In order to implement marketing activities, the Administrator uses profiling in some cases. This means that due to automatic data processing, the Administrator assesses selected factors regarding natural persons in order to analyze their behaviour or create a forecast for the future.
This consent may be withdrawn at any time.
If the User has agreed to receive marketing information via e-mail, the User’s personal data will be processed for the purpose of sending such information. The basis for data processing is the legitimate interest of Administrator consisting in sending marketing information within the limits of consent given by the User (direct marketing). The User has the right to object to data processing for the purposes of direct marketing, including profiling. The data will be stored for this purpose for the duration of the legally legitimate interest of Administrator, unless the User objects to receiving marketing information.
The Administrator processes personal data of Users visiting the Administrator’s profiles kept in social media. These data are processed only in connection with maintaining a profile, including to inform Users about the Administrator’s activity and to promote various types of events, services and products, as well as to communicate with users through the functionalities available in social media. The legal basis for the processing of personal data by the Administrator for this purpose is his legitimate interest (art. 6 paragraph 1 letter f GDPR) consisting in promoting his own brand and building and maintaining the brand-related community.
This site uses plugins for the social networks of the following providers.
These plugins usually collect data from the User by default and send it to the server of the respective provider. We have taken up an appropriate technical measures to protect the User’s privacy so that the providers of individual plug-ins cannot collect User’s data without obtaining their consent. When the User visits a website associated with a given plugin, the plugin will be initially disabled. Unless the User clicks the appropriate symbol, the plug-in will remain disabled. Clicking on the symbol will enable the plug-in and will mean giving consent to send data to the appropriate provider. Legal basis for using plugins: art. 6 clause 1 lit. a) and f) GDPR.
Enabled plugins also collect personal data, such as the User’s IP address, and send it to the server of the respective provider, where the data is saved. When the User visits the relevant website, the enabled plugin configures a cookie with a unique identifier. This allows the provider to generate User behavior profiles. This is the case even if the User is not a user of the provider’s social network. If the User belongs to the provider’s social network and logs in to the website during his visit, his data and information about his visit to this website may be associated with his profile in the relevant social network. Administrator has no influence on the extent to which User data is collected by the relevant provider. For more information on the scope, specifics and purpose of data processing as well as privacy protection rights and options, please refer to the data protection information published by relevant social network providers. This information is available on the following websites:
- Facebook: https://www.facebook.com/policy.php
- Instagram: https://help.instagram.com/519522125107875?helpref=page_content
- Youtube: https://support.google.com/youtube/topic/2803240?hl=en&ref_topic=6151248
Facebook and/or Google registration
We provide User with the option of registering and logging in via a Facebook and/or Google account. If the User registers through Facebook or Google, Facebook or Google will ask him for consent to share us specific data from the User’s Facebook or Google account. This data may include the User’s name and email address to enable us to verify User’s identity and gender. They may also contain general data about the User’s location, a link to his Facebook or Google profile, time zone data, date of birth, profile picture, data on likes and the User’s list of friends.
These data will be collected by Facebook or Google and sent to us in accordance with the principles set out in the data rules in force on Facebook or Google. Using Facebook’s or Google’s privacy settings, the User can control the data that we receive from Facebook or Google.
This data will be used to create, share and personalize your account. Legal basis: art. 6 clause 1 lit. a), b) and f) GDPR.
If the User signs up to Website via Facebook, the User’s account will be automatically linked to his Facebook account, and information about any User’s actions on the Website will be made available on Facebook and published on the User’s timeline and in his message channel.
Pursuant to art. 6 clause 1 lit. a) GDPR User may agree to receive a newsletter from us, which contains information on our current offers. To receive our newsletter, you only need to enter your email address on the Website in the given space. Providing additional, specially marked data is voluntary. This data will enable us to personalize messages sent to the User. After receiving appropriate confirmation from the User, we will save the User’s email address to send him newsletters. Legal basis: art. 6 clause 1 lit. a) GDPR.
The User may at any time withdraw his consent to send him the newsletter and unsubscribe from it. To report your intention to withdraw your consent contact us.
Whenever we send the User a newsletter, it aims, among other things, to assess his behaviour. Therefore, email messages with the newsletter contain web beacons (also called tracking pixels), which are also stored by us. We then combine data on the User’s behaviour with the use of web beacons with the e-mail address and User’s individual ID.
Based on the data obtained in this way, we generate a User profile to tailor the newsletter to the individual interests of a given User. To this end we register when the User reads the newsletters received from us and which links they contain are clicked by the User, and determines the User’s individual interests mentioned. Then, this data is linked by us with information on the User’s behaviour on website.
The User may at any time withdraw consent to such monitoring by contacting us. The collected data will be stored as long as the User expresses interest in receiving the newsletter. When the User unsubscribes from the newsletter, this data will be stored by us only for statistical purposes and in anonymous form.
However, monitoring is not possible if viewing images in the user’s e-mail application is deactivated by default. In this case, the newsletter will not be displayed in full, and the User will not be able to use some of the newsletter functions. Monitoring will, however, take place if the User displays the images manually.
The Website uses Google Analytics for website analysis, offered by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States. The Universal Analytics operating mode is used. This allows you to assign data, sessions and interactions from various devices to the identifier of the User using a nickname and thus allows the analysis of actions taken by that User from the level of observed devices.
Users can prevent cookies from being saved by selecting the appropriate settings in their browser. In this case, however, the User will not be able to fully use all the functions of the Website. The User may also prevent Google from collecting and processing data generated by cookies and data related to the User’s use of the website (including his IP address) by downloading and installing the add-on available at https://tools.google.com/dlpage/gaoptout?hl=pl. Opt-out cookies mean that User data will no longer be collected when the User visits Website. To prevent data collection from different devices in Universal Analytics mode, the User must perform the opt-out procedure on all systems they use. To set a opt-out cookie, click here: Disable Google Analytics.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. We have in place reasonable commercial standards of technology and operational practices to protect the information provided by visitors and users of our website from unauthorized use, disclosure, copying, or modification.
We offer the use of a secure server. All supplied sensitive and/or credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those authorized with special access rights to such systems, who are required to keep the information confidential.
The Administrator conducts risk analysis on an ongoing basis to ensure that personal data are processed by him in a secure manner – ensuring, first of all, that only authorized persons have access to the data and only to the extent that it is necessary due to that performed by no tasks. The administrator ensures that all operations on personal data are recorded and carried out only by authorized employees and colleagues.
The Administrator shall take all necessary actions so that its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data at the request of the Administrator.
We have implemented reasonable technical, physical, administrative, and organizational safeguards to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not liable for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Yes. Cookies are small files that a website or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the website’s or service provider’s systems to recognize your browser and capture and remember certain information.
- Cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
- Authentication cookies used for services that require authentication for the duration of the session (authentication cookies);
- Cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies);
- Session cookies of multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
- Persistent cookies used to personalize the User interface for the duration of the session or a little longer (user interface customization cookies),
- Cookies used to remember the contents of the basket for the duration of the session (shopping cart cookies);
If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services and aspects of our website may not function properly
Period of processing the personal data
We will process personal data for the duration of User’s registration on the Website and the time necessary to demonstrate performance of the contract, i.e. for the duration of the limitation period for claims.
After User deletes the account on the Website his/her data will be stored by us only for statistical purposes and in anonymous form.
Data subjects have the following rights:
- The right to information on the processing of personal data – the Administrator provides information on the processing of personal data, including primarily the purposes and legal grounds for processing, the scope of data held, entities to whom personal data is disclosed and the planned date of their removal;
- The right to obtain a copy of the data – the Administrator provides a copy of the processed data regarding the person making the request;
- Right to rectification – the Administrator removes any incompatibilities or errors regarding personal data being processed, and supplements or updates them if they are incomplete or have changed;
- The right to delete data (the so-called right to forget) – is the basis for requesting the deletion of data whose processing is no longer necessary to achieve any of the purposes for which it was collected;
- The right to limit processing – the Administrator ceases to carry out operations on personal data, with the exception of operations to which the data subject has consented and their storage, in accordance with the adopted retention rules, or until the reasons for limiting data processing cease (e.g. a decision will be issued supervisory authority authorizing further processing of data);
- The right to transfer data – to the extent that data is processed in connection with the concluded contract or expressed consent, the Administrator issues data provided by the person to whom they relate, in a format that can be read by a computer. It is also possible to request that the data be sent to another entity – provided that both the Administrator and another entity to which the data are sent have appropriate technical conditions enabling such transmission;
- The right to object to the processing of data for marketing purposes – the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such an objection;
- The right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data on the basis of the justified interest of the Administrator (e.g. for analytical or statistical purposes or for reasons related to the protection of property). An objection in this respect should contain a justification and is subject to the Administrator’s assessment;
- The right to withdraw consent – if the data are processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before the withdrawal of this consent;
- Right to complain – if it is considered that the processing of personal data violates the provisions of the GDPR or other provisions regarding the protection of personal data, the data subject may submit a complaint to the President of the Office for Personal Data Protection.
An application regarding the exercise of the rights of data subjects, together with an indication of which request we make, can be submitted:
- In writing to the address of the seat of Administrator: ____________________________;
- By email at the Administrator email address: [email protected];
If the Administrator will not be able to determine the content of the request or identify the person submitting the application based on the application, he will ask the applicant for additional information.
Answers to applications will be given within one month of receipt. If it is necessary to extend this period, the Administrator will inform the applicant about the reasons for such extension.
The answer will be given to the e-mail address from which the application was sent, and in the case of applications sent by letter, by ordinary letter to the address indicated by the applicant, unless the content of the letter indicates the desire to receive feedback to the e-mail address (in this case you must provide an email address).
In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for operating IT systems, entities such as payment operators, entities providing accounting, legal, auditing, consulting services, couriers (in connection with the implementation of the order).
The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.
We do not sell, trade, or otherwise transfer to outside parties your personal information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our website policies (including our Terms of Service and this Policy), or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. We may also use the data about your chosen services, preferences etc. and make them available to third parties for marketing purposes or market research. In this situation your personal data will not be disclosed to third parties who will only receive the aggregate and always anonymous data.
As you browse our website and other websites, online ad networks we work with may place anonymous cookies on your computer, and use similar technologies, in order to understand your interests based on your (anonymous) online activities, and thus tailor more relevant ads to you. If you do not wish to receive such tailored advertising, you can opt out of most companies that engage in such advertising. This will not prevent you from seeing ads; the ads simply will not be delivered through these targeting methods.
Website may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.
Any individual has a right to challenge the compliance of our organization to this Policy at any time. We will take due care and diligence in assessing and investigating complaints. If a complaint is found to be justified, we will take the appropriate measures to rectify the complaint. If necessary, we will amend this Policy and our practices.
This Policy was last modified on May 1, 2020.
We strongly recommend that you periodically review this Policy to be informed about how we are protecting your information.
Terms and Conditions
For more information on the extent to which this Policy applies, please visit our Terms of Service establishing the use, disclaimers, and limitations of liability governing the use of our website.