Privacy Policy

Hello!
If you are here, it surely means that you value your privacy. We understand this perfectly, that’s why we are presenting you with a document in which you will find all the rules for the processing of personal data and the use of cookies and other tracking technologies in connection with the functioning of the https://buy.design website.

Some formal information for a start – website administrator is We Do Tech Limited, 8th floor, China Hong Kong Tower, 8-12 Hennessy Road, Wan Chai, 999077 Hong Kong, Company registration number: 2964925, Business registration number: 72099473. This privacy policy is structured in the form of questions and answers. The choice of this form was dictated by the care for transparency and legibility of the information presented to you. Below you will find the table of contents of this policy corresponding to the questions we answer.

If you have any doubts concerning the privacy policy, you can contact us at any time by sending a message to [email protected]

1. Who is the administrator of your personal data?
We Do Tech Limited, 8th floor, China Hong Kong Tower, 8-12 Hennessy Road, Wan Chai, 999077 Hong Kong, Company registration number: 2964925, Business registration number: 72099473 is the administrator of your personal data.

2. Who can you contact regarding the processing of your personal data?
As part of the implementation of personal data protection in our organization, we have decided not to appoint a personal data protection officer due to the fact that in our situation it is not mandatory. In matters related to the protection of personal data and broadly understood privacy, you can contact us at [email protected]

3. What information do we have about you?
Depending on the purpose, we may process the following information about you:
first name and surname,
address,
e-mail,
data included in your correspondence to us,
other data given in reference to registration or adding content to the service.
We have precisely described the scope of the processed data in relation to each processing purpose. Information in this regard can be found further in this policy.

4. How did we get your personal data?
In most cases, you pass them on to us yourself. This happens when:
you register a user account,
you sign up for a newsletter,
you contact us.

5. Is your data safe?
We care about the security of your personal data. We have analysed the risks related to individual data processing processes, and then implemented appropriate security and personal data protection measures. We monitor the condition of our technical infrastructure on an ongoing basis, train our staff, observe the procedures applied, and ntroduce necessary improvements. If you have any questions regarding your personal data, contact us at [email protected]

6. What is the purpose of processing of your personal data?
There are more of these purposes. Below you will find a list followed by a more detailed description. We have also added the appropriate legal grounds for processing to the individual purposes.
Registration and maintenance of a user account – art. 6(1) b GDPR,
newsletter mailing – art. 6(1) a GDPR (if you signing up for the newsletter without user account registration) or art. 6(1) f GDPR (if the newsletter is sent to you as a registered user, performing our justified interest in this scope in the form of marketing of our products or services),
correspondence – art. 6(1) f GDPR.
User account – detailed information
When creating a user account, you must provide the data necessary to set up an account: e-mail address and password. Providing data is voluntary, but necessary to create an account.

As part of editing your account details, you can provide more data, in particular data that may be used when placing orders, such as your name and surname.
You can modify the your information provided to us in connection with the registration of your user account at any time.

The data provided by you in connection with the creation of an account is processed in order to provide you with an electronic service providing you with the possibility of using the user account and receiving regular notifications about new products on the website. This service is provided on the basis of a contract concluded on the terms described in the regulations, which means that in this respect the legal basis for the processing of your personal data is art. 6(1) b GDPR.

The data provided by you in connection with the creation of an account is also processed for the purpose of sending notifications regarding the website.
The data will be stored for the duration of functioning of the user’s account. You can delete your account at any time.

If the User makes a payment in connection with the use of the website, the payment is made by Stripe, and the information about the positive authorization of the payment is sent to the Administrator to activate the purchased function.


Newsletter – detailed information
If you have registered an account on the website, you will receive a newsletter from us. We carry out our activities in this area based on the legitimate interest of marketing our own products or services (Article 6 (1) (f) GDPR).
By subscribing to the newsletter, regardless of the registration of your user account, you provide us with your e-mail address as part of the subscription form. Providing data is voluntary, but necessary to subscribe to the newsletter. In such a situation, the legal basis for data processing is your consent (Article 6 (1) (a) GDPR), which is expressed by submitting the subscription form.

In regards of information that does not come from you, and was collected automatically by our mailing system, we rely in this respect on our legitimate interest (Article 6 (1) (f) GDPR) consisting in analysing the behaviour of newsletter subscribers in order to optimize mailing activities.

You can unsubscribe from the newsletter at any time by clicking on the dedicated link in each message sent as part of the newsletter or by simply contacting us.
Despite unsubscribing from the newsletter, your data will still be stored in our database in order to identify the returning subscriber and possibly defend claims related to sending you the newsletter, in particular to prove that you granted consent to receive the newsletter and the moment of its withdrawal, which is our legal legitimate interest referred to in article 6 (1) (f) GDPR. If the limitation period for civil law claims, punishability under criminal law or penalties under administrative law would expire after the winding up of business, the data will be deleted after this period expires.

You can modify your data provided for the purposes of receiving the newsletter at any time by clicking on the appropriate link visible in each message sent as part of the newsletter or by simply contacting us.
Correspondence – detailed information
By contacting us, you naturally provide us with your personal data contained in the correspondence, in particular your e-mail address and name and surname. Providing data is voluntary, but necessary to make contact.

In this case, your data is processed so we can contact you, and the basis for processing is article 6 (1) (f) GDPR, i.e. our legitimate interest. The legal basis for processing after the completion of contact is also our legitimate purpose in the form of archiving correspondence for the purpose of ensuring the possibility of proving certain facts in the future (Article 6 (1) (f) GDPR).

The content of the correspondence may be archived and we are not able to clearly determine when it will be deleted. You have the right to request the history of correspondence with us (if it was subject to archiving), as well as request its removal, unless its archiving is justified due to our overriding interests, e.g. defence against potential claims on your part.

7. How long will your personal data be stored?
The data storage periods have been indicated separately for each purpose of processing. You will find this information in the detailed information for each separate processing purpose.

8. Who will receive your personal data?
We will risk saying that modern business cannot do without services provided by third parties. We also use such services. Some of these services are related to the processing of your personal data. The following processing entities are involved in the processing of personal data:
hosting provider that stores data on the server,
provider of the mailing system in which your data is stored, if you are a newsletter subscriber,
an entity providing maintenance services that gains access to data, if the technical works carried out relate to areas where personal data is located,
other subcontractors who gain access to data, if the scope of their activities requires such access.
Personal data may be transferred to law offices, if there is a need to use legal assistance that requires access to personal data.

In addition, if necessary, your personal data may be made available to entities, authorities or institutions authorized to obtain access to data on the basis of legal provisions, such as the police, security services, courts, prosecutor’s offices.
What’s more, we use tools that collect a lot of information about you that are related to the use of our website. It concerns, in particular, the following information:
information about the operating system and web browser you use,
subpages viewed,
time spent on the website,
transitions between individual subpages,
clicks on individual links,
the source from which you go to our site,
the age range you are in,
your gender,
your approximate location limited to the town you are in,
your interests based on your online activity.
This information in itself is not, in our opinion, personal data. Since this information is collected by external tools that we use, this information is also processed by tool providers according to terms resulting from their regulations and privacy policies. Basically, this information is used to provide and improve services, manage them, develop new services, measure the effectiveness of advertisements, protect against fraud and abuse, and personalize the content and advertisements displayed on individual websites, sites and applications. We tried to describe more details on this below, as part of the explanations related to individual tools.

9. Will your personal data be transferred to third party states or international organizations?
Yes, part of the processing of your personal data may involve their transfer to third party states.

We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of protection of personal data through appropriate compliance mechanisms provided for by the GDPR, in particular through the use of standard contractual clauses.

Personal data is stored on servers located in third party states using the following tools:
1. MailerLite mailing system, the provider of which is MailerLite Inc., a Delaware corporation at 548 Market St PMB 54955 San Francisco, California 94104-5401 USA – including your name, e-mail address, IP address and statistical information related to your reactions to news sent by us,
2. hosting provider GreenGeeks, 249 3411 Silverside Rd. Tatnall Building #104 Wilmington, DE 19810 USA

We would also like to remind you that we use external tools that may collect anonymous information about you. We have mentioned this several times under this policy, including in our response to the previous question. The providers of these tools often use servers located around the world, in particular in the USA, to store the collected information.

10. Do we use profiling? Do we make automated decisions on the basis of your personal data?
We do not make decisions based solely on automated processing, including profiling, which would have legal effects on you or have a similarly significant effect.

Yes, we use tools that can take specific actions depending on the information collected as part of the tracking mechanisms, but we believe that these actions do not have a significant impact on you, because they do not differentiate your situation as a customer, do not affect the terms of the contract you can to conclude with us, etc.

By using certain tools, we can, for example, direct personalized advertisements to you based on your previous activities on our website or suggest products that may be of interest to you. This is the so-called behavioural advertising. We encourage you to learn more about behavioural advertising, in particular regarding about the privacy issues. Detailed information, along with the ability to manage your behavioural advertising settings, can be found here: http://www.youronlinechoices.com.
We emphasize that as part of the tools we use, we do not have access to information that would allow your identification. The information we are talking about here is, in particular:
information about the operating system and web browser you are using,
subpages viewed,
time spent on the website,
transitions between individual subpages,
the source from which you arrived to our site,
your age range,
your gender,
your approximate location limited to the town,
your interests based on your online activity.
We do not combine the information indicated above with your personal data, which is in our databases. This information is anonymous and does not allow us to identify you. This information is stored on the servers of individual tools’ suppliers, and these servers usually are located all over the world.

11. What rights do you have in reference to the processing of your personal data?
GDPR grants you the following potential rights related to the processing of your personal data:
the right to access your data and receive a copy thereof,
the right to rectify (correct) your data,
the right to delete data (if in your opinion there are no grounds for us to process your data, you can request that we delete it),
the right to limit data processing (you can request that we limit the processing of data only to their storage or performance of activities agreed with you, if in your opinion we have incorrect data or we process it unjustifiably),
the right to object to the processing of data (you have the right to object to the processing of data on the basis of a legitimate interest; you should indicate a specific situation that, in your opinion, justifies the termination of the processing covered by the objection; we will stop processing your data for these purposes, unless we prove that the grounds for data processing by us override your rights or that your data is necessary for us to establish, assert or defend claims),
the right to transfer data (you have the right to receive from us, in a structured, commonly used, machine-readable format, personal data that you provided to us on the basis of a contract or your consent; you can commission us to send this data directly to another entity),
the right to withdraw consent to the processing of personal data, if you previously gave such consent,
the right to lodge a complaint to the supervisory body (if you find that we are processing data unlawfully, you can file a complaint with the Chairman of the Personal Data Protection Office or another competent supervisory authority).


The rules related to the implementation of the above-mentioned rights are described in detail in Article 16 – 21 GDPR. We encourage you to familiarize yourself with these regulations. For our part, we consider it necessary to explain to you that the above-mentioned rights are not absolute and you will not be entitled to them in any and all cases of your personal data processing.

We emphasize that you always have one of the rights indicated above – if you believe that we have breached the provisions on the protection of personal data while processing your personal data, you have the option to lodge a complaint with the supervisory authority.

You can also always ask us to provide you with information about what data we have about you and for what purposes we process it. All you need to do is send a message to [email protected] However, we have made every effort to ensure that the information you are interested in is comprehensively presented in this privacy policy. You can also use the e-mail address provided above if you have any questions related to the processing of your personal data.

12. Do we use cookies and what are they?
Our website, like almost all other websites, uses cookies. Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our IT system (own cookies) or IT systems of third parties (third party cookies). Cookies save and store specific information which can then be access for specific purposes by IT systems.

Some of the cookies we use are deleted after the end of the browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow us to recognize your browser the next time you visit the website (persistent cookies).

If you want to learn more about cookies as such, you can see, for example, do it here:
https://wikipedia.org/wiki/HTTP_cookie.

13. On what basis are cookies used by us?
We use cookies on the basis of your consent, except when cookies are necessary for the proper provision of electronic services to you.

As far as your consent to cookies is concerned, we accept the option to which you agree through the settings of your web browser or additional software supporting the management of cookies. We assume that you agree to all cookies used by us that are not blocked by your browser or any additional software you use.

Remember that disabling or limiting the use of cookies may prevent you from using some of the functions available on our website and cause difficulties in using our website, as well as many other websites that use cookies. For example, if you block cookies from social plug-ins, then buttons, widgets and social functions implemented on our website may be unavailable for you.

14. Can you switch cookies off?
Yes, you can manage cookie settings in your web browser. You can block all or selected cookies. You can also block cookies from specific websites. You can also delete previously saved cookies and other site and plug-in data at any time.

Web browsers also offer the option of using incognito mode. You can use it if you do not want information about visited pages and downloaded files to be saved in your browsing and download history. Cookies created in incognito mode are deleted when all incognito windows are closed.

There are also browser plug-ins to control cookies, such as Ghostery (https://www.ghostery.com). The option to control cookies may also be provided by additional software, in particular anti-virus packages, etc.

In addition, there are tools available on the Internet that allow you to control some types of cookies, in particular for collective management of behavioural advertising settings (e.g. http://youronlinechoices.com,
http://networkadvertising.org/choices).

Remember that disabling or limiting the use of cookies may prevent you from using some of the functions available on our website and cause difficulties in using our website, as well as many other websites that use cookies. For example, if you block cookies from social plug-ins, then buttons, widgets and social functions implemented on our website may be unavailable for you.

15. For what purpose do we use own cookies?
Own cookies are used to ensure the proper functioning of individual website mechanisms, such as maintaining a session after logging in to the account, remembering recently viewed UIs.

16. What third party cookies are used?
Our website uses the following third party cookies:
Google Analytics,
Google Tag Manager,
Pinterest Tag,
Facebook Custom Audiences,
Facebook, Twitter (social media tools cookies).
Details on individual third party cookies are described below.


Google Analytics – detailed information
We use the Google Analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We carry out activities in this area based on our legitimate interest, consisting in the creation of statistics and their analysis in order to optimize our websites.

In order to use Google Analytics, we have implemented a special Google Analytics tracking code in the code of our website. The tracking code uses Google LLC cookies for the Google Analytics service. You can block the Google Analytics tracking code at any time by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.
Google Analytics automatically collects information about your use of our website. The information collected in this way is most often transferred to Google servers, which may be located all over the world and stored there.

Due to the IP anonymization activated by us, your IP address is shortened before forwarding. Only in exceptional cases is the full IP address transferred to Google servers and shortened there. The anonymized IP address provided by your browser as part of Google Analytics is, as a rule, not combined with other Google data.


We would like to emphasize that as part of Google Analytics we do not collect any data that would allow your identification. Therefore, the data collected as part of Google Analytics is not personal data for us. The information we have access to in the scope of Google Analytics is, in particular:
information about the operating system and web browser you are using,
subpages viewed on our website,
time spent on the website and its subpages,
transitions between individual subpages,
the source from which you arrived to our site,


In addition, as part of Google Analytics, we use the following Advertising Functions:
demographic and interest reports,
remarketing,
advertising reporting functions, user-ID.


We also do not collect personal data in the scope of Advertising Functions. The information we have access to is, in particular:
your age range,
your gender,
your approximate location limited to the town,
your interests based on your online activity.


Google Analytics and Google Analytics 360 services have been certified by the independent security standard ISO 27001. ISO 27001 is one of the most recognized standards in the world and certifies compliance with the relevant requirements by the systems supporting Google Analytics and Google Analytics 360.

If you are interested in details related to Google’s use of data from websites and applications that use Google services, we encourage you to read this information: https://policies.google.com/technologies/partner-sites.


Google Tag Manager – detailed information
We use the Google Tag Manager tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA and enabling tag management, i.e. small code fragments, thanks to which we are able to control traffic and user behaviour, collect information on the effectiveness of advertisements and undertake activities aimed at improving our website. Google Tag Manager does not collect any information that allows your identification, however, this tool triggers other tags, which in turn may collect data.


Pinterest Tag – details
We use the Pinterest Tag, which is a piece of code that we have added to our site in order to allow Pinterest to track visitors to the site and the actions they take on the site after an ad is displayed on Pinterest. This allows us to measure the effectiveness of ads on Pinterest and understand the actions users take on our site, also referred to as conversions, after viewing or responding to an ad. We carry out activities in this regard based on our legitimate interest in the form of an analysis of conducted marketing operations. Pinterest Tag is provided by Pinterest Europe Ltd, an Irish company based at: Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.


Facebook Custom Audiences – detailed information
As part of the Facebook Ads advertising system provided by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA, we use the Custom Audience Group functionality to direct targeted advertising messages to specific user groups. We carry out activities in this area based on our legitimate interest of marketing our own products or services. In order to send you personalized ads relating to your behaviour on our website, we have implemented Facebook Pixel as part of our website, it automatically collects information about your use of our website. The information collected in this way is most often transferred to Facebook servers, which may be located all over the world, in particular in the United States of America.

The information collected as part of Facebook Pixel is anonymous, i.e. it does not allow us to identify you. Depending on your activity on our websites, you may be assigned to a specific group of recipients, but we do not identify individual people belonging to these groups in any way.

However, we inform you that Facebook may combine the collected information with other information collected about you as a part of your usage of Facebook and use it for its own purposes, including marketing. Such Facebook activities are no longer dependent on us, and you can search for information about them directly in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. You can also manage your privacy settings from your Facebook account. Here you will find useful information in this regard: https://www.facebook.com/ads/settings.


Social media tools – detailed information
Our website uses plug-ins, buttons and other social media tools, hereinafter collectively referred to as “plug-ins”, provided by social networks such as Facebook or Twitter.
By displaying our website with a plug-in of a given social network, your browser sends information about the visit to the administrator of this social network. Since the plug-in is a part of the social network site embedded in our website, the browser sends information about the request to download the content of the social network site to our site. The plug-ins collect certain information about you, such as user ID, visited website, date and time, and other information about the web browser.
Social network administrators use some of this information to personalize the viewing conditions of our website. For example, when you visit a page with a “Like” button, the administrator of the social network site needs to know who you are to show you which of your friends also like our page.

The information collected by plug-ins may also be used by administrators of social network sites for their own purposes, such as e.g. improving their own products, creating user profiles, analysing and optimizing their own activities, targeting ads. We have no real influence on how the information collected by the plug-ins is used by the administrators of social networks. You can look for details in this regard in the regulations and privacy policies of individual social network sites.

Social network plug-ins collect and transmit information to the administrators of these websites even when you browse our website without being logged in to your account on the social network. However, then the browser sends a more limited set of information.
If you have logged in to one of the social network sites, the website administrator will be able to directly assign a visit to our site to your profile on a given social network site.
If you do not want social networks to assign the data collected during your visit to our website directly to your profile on a given website, you must log out of such network before visiting our website. You can also completely prevent the loading of plug-ins on the website by using appropriate extensions for your browser, e.g. blocking scripts.

In addition, the use of certain plug-ins may involve the publication of certain information on your social profiles. For example, information about clicking the “Like” button may be available on your Facebook timeline. Of course, if you share some content on your social media using plug-ins embedded on our website, this sharing will naturally be visible in your profile.

As for the details related to the processing of information collected by plug-ins by the administrators of social network sites, in particular the purpose and scope of data collection and their further processing and use by administrators, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy, you can find everything in the privacy policies of individual service providers:

Facebook – https://www.facebook.com/privacy/explanation,
Twitter – https://twitter.com/en/privacy.

17. Do we follow your behaviour in the scope of our service?
Yes, we use Google Analytics and Facebook Custom Audiences which collect information about your activity on our website. These tools are described in detail in the third party cookie question, so we will not repeat this information here as well.
18. Are you targeted with advertisements?
Yes, we use Facebook Ads, under which we can target specific target groups defined on the basis of various criteria such as age, gender, interests, profession, job, activities previously undertaken as part of our website. These tools are described in detail in the third party cookie question, so we will not repeat this information here as well.
19. How can you manage your privacy?
The answer to this question can be found in many places in this privacy policy in descriptions of individual tools, behavioural advertising, cookie consent, etc. However, for your convenience, we have collected this information in one place. Below you will find a list of options for managing your privacy.
cookie settings in the web browser,
browser plug-ins supporting the management of cookies, e.g. Ghostery,
additional cookie management software,
incognito mode in a web browser,
behavioural advertising settings, e.g. youronlinechoices.com,
Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout,
Facebook Ads Settings: https://www.facebook.com/ads/settings.
20. What are server logs?
Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.

Logs include your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server.

The data stored in the server logs is not associated with specific people using the website and is not used by us to identify you.

The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.
21. Is there anything else you should know?
As you can see, the subject of personal data processing, the use of cookies and general privacy management is quite complicated. We have made every effort to ensure that this document provides you with as much knowledge as possible on issues important to you. If anything is unclear to you, you want to know more or just talk about your privacy, please write to us at [email protected]

[authModal_mobile_activator]