Privacy Policy

BLOWW.APP PRIVACY POLICY
§ 1 GENERAL PROVISIONS
1. The Controller of the User personal data collected by this Mobile Application is team conducting business activity under the name BLOWW APP INC. entered in the Canadian Revenue Agency (CRA) registry, place of business and service address: UNIT 204 – 38 FELL AVENUE, NORTH VANCOUVER, BC, V7P 3S2, CANADA., GST (Goods and Services Tax): 746836626, email address: contact@bloww.app
2. Personal data collected by the Controller through the Mobile Application is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR.
3. Any terms or phrases capitalized in this Privacy Policy shall be interpreted in accordance with their definition as set forth in the Mobile Application’s Terms of Service.

§ 2 THE TYPE OF PERSONAL DATA PROCESSED, THE PURPOSE AND SCOPE OF THE DATA COLLECTION
1. The use of the Mobile Application and the conclusion of contracts for the provision of electronically supplied services through the Mobile Application, which requires the provision of personal data, is entirely voluntary. The data subject decides independently whether he/she wishes to use services supplied electronically by the Operator.
2. The Operator processes the User personal data for the following purposes:
2.1. registration of an Account, in order to create and manage an individual Account, pursuant to Article 6(1)(b) of the GDPR (performance of a contract for the provision of electronically supplied services in accordance with the Mobile Application),
2.2. placing an Order, for the purpose of executing a Sales Contract, pursuant to Article 6(1)(b) of the GDPR (execution of a Sales Contract),
2.3. subscription to the Newsletter in order to send commercial information by electronic means. Personal data is processed upon separate consent, pursuant to Article 6(1)(a) of the GDPR.
3. Data provided by the user:
3.1. Account: full name, email address,
3.2. Order: full name, tax identification number, email address, payment card details,
3.3. Newsletter: email address.
4. User personal data is stored by the Controller in the following circumstances:
4.1. Where processing is based on the performance of a contract, for as long as is necessary for the performance of the contract and thereafter for a period corresponding to the period of limitation of claims. Unless otherwise provided by a specific provision, the limitation period shall be six years and for claims concerning periodical performances and claims connected with conducting business activity – three years.
4.2. Where data processing is based on consent, for as long as the consent is not withdrawn, and after the consent is withdrawn, for a period corresponding to the limitation period for claims that may be raised by the Controller and against him. Unless otherwise provided by a specific provision, the limitation period shall be six years and for claims concerning periodical performances and claims connected with conducting business activity – three years.
5. Upon separate consent and pursuant to Article 6(1)(a) of the GDPR, data may also be processed in order to send commercial information by electronic means or to make telephone calls for the purpose of direct marketing – respectively, in connection with Article 10(2) of the Act of 18 July 2002 on the provision of services by electronic means or Article 172(1) of the Act of 16 July 2004 – Telecommunications Law, including those targeted by profiling, provided that the User has given the relevant consent.
6. The Operator shall exercise due care to protect the interests of data subjects, and in particular shall ensure that the data collected are:
6.1. processed lawfully,
6.2. collected for specified, legitimate purposes and not further processed in a manner in conflict with those purposes,
6.3. substantively correct and adequate in relation to the purposes for which they are processed and kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing.

§ 3 DISCLOSURE OF PERSONAL DATA
1. User personal data shall be transferred to service providers used by the Controller in the operation of the Mobile Application, in particular to:
1.1. subcontractors involved in the maintenance of the Mobile Application,
1.2. accounting office,
1.3. hosts,
1.4. mailing system providers,
1.5. providers of the software necessary to operate the Mobile Application.
2. Service providers referred to in item 1, to whom the personal data are transferred, shall, in accordance with contractual arrangements and circumstances, either be subject to the instructions of the Controller as to the purposes and means of processing such data (processors) or shall themselves determine the purposes and means of processing (controllers).
3. User personal data shall be stored in the European Economic Area (EEA) subject to §6 of the Privacy Policy.

§ 4 THE RIGHT TO INSPECT, ACCESS AND RECTIFY PERSONAL DATA
1. The data subject shall have the right to access the content of his/her personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
2. Legal grounds for the data subject's request:
2.1. Access – art. 15 of the GDPR
2.2. Rectification – art. 16 of the GDPR
2.3. Erasure (“right to be forgotten”) – art. 17 of the GDPR
2.4. Restriction of processing – art. 18 of the GDPR
2.5. Data portability – art. 20 of the GDPR
2.6. Objection – art. 21 of the GDPR
2.7. Withdrawal of consent – art. 7(3) RODO.
3. In order to exercise the rights referred to in item 2, a relevant email may be sent to the following address: contact@bloww.app.
4. Should the User exercise the right resulting from the aforementioned provisions, the Controller shall comply or refuse to comply with the request forthwith, and in any case no later than within one month of its receipt. In the event, however, that the Controller is unable to comply with the request within one month due to the complexity of the request or the number of requests, the Controller shall comply with the request within the following two months and shall inform the User about the intended extension of the deadline and the reasons for such extension within one month of receipt of the request.
5. Where the processing of personal data is found to violate the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Data Protection Authority.

§ 5 COOKIES
1. The Controller's Mobile Application uses cookies.
2. Cookies are required for the proper provision of services in the Mobile Application. Cookies contain information necessary for the proper functioning of the Application and also offer the possibility of compiling general statistics on the visits to the Application.
3. The Mobile Application uses two types of cookies: „session cookies” and „persistent cookies”.
3.1. Session cookies are temporary files that are stored on the User's end device until the User logs out (leaves the Application),
3.2. Persistent cookies are stored on the User's end device for the time specified in the cookies' parameters or until they are deleted by the User.
4. The Controller uses their own cookies to better understand how Users interact with the content of the Application. Cookies collect information on the manner in which the User utilises the Application as well as the number of visits and the duration of the User's visit to the Mobile Application. This information does not record specific personal data of the User but is used to compile statistics on the use of the website.
5. The User is entitled to choose the extent of access of cookies to his/her computer by selecting them in advance in the browser window. Detailed information on the possibility and methods of managing cookies is available in the software (browser) settings.

§ 6 ADDITIONAL SERVICES RELATED TO USER ACTIVITY IN THE STORE
1. The Application uses so-called social media plugins. When using the Application that contains such a plugin, the User's device will establish a direct connection to the Instagram, TikTok and YouTube servers.
2. The content of the plugin is transferred by the respective service provider directly to the User's device and integrated into the Application. This integration enables service providers to receive information that a website has been visited on a User's device, even if the User does not have a profile with the service provider or is not currently logged in with the provider. This information (together with the User's IP address) is sent by the browser directly to the server of the relevant service provider (some servers are located in the USA) and stored there.
3. Should the User log in to one of these social media sites, this service provider will be able to directly associate the visit to the website with the User's profile on the relevant social media platform.
4. When the User uses the plugin, e.g. by clicking on the “Like” button or the “Share” button, the relevant information will also be sent directly to the server of the respective service provider and stored there.
5. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and the User's rights in this respect and the possibility to adjust the settings to ensure the protection of the User's privacy are described in the service providers' privacy policies:
5.1. https://help.instagram.com/519522125107875?helpref=page_content
5.2. https://policies.google.com/privacy?hl=pl&gl=ZZ.
5.3. https://www.tiktok.com/legal/privacy-policy-eea?lang=pl
6. In the event that the User does not want the social media platforms to attribute the data collected during visits to the Application directly to his/her profile on that platform, the User must log out of that platform prior to accessing the Application. The User can also completely prevent plugins from loading on the website by using appropriate browser extensions, such as blocking scripts with “NoScript”.

§ 7 USER DATA
7.1. Each user of the bloww application has the right to permanently delete all their data from the bloww application. To do this, each user can perform the following steps directly in the bloww application:
a) On your Bloww.app account, click on the "profile" icon, then click on "settings" in the right top corner.
b) Scroll down the screen, then click "delete account".
c) Please follow the given instructions if you wish to "delete your account".
This process is irreversible and the user data cannot be restored in any way.

§ 8 FINAL PROVISIONS
1. The Operator shall process personal data for the purposes of providing services related to the use of the functionality of the Mobile Application.
2. The Controller shall make available appropriate technical measures to prevent unauthorised persons from acquiring and modifying personal data transmitted electronically.
3. The Operator shall apply technical and organisational measures to ensure the protection of the processed personal data, appropriate to the risks and categories of protected data, and in particular to protect the data against their disclosure to unauthorised persons, against their appropriation by an unauthorised person, against their processing in violation of the applicable regulations and against their alteration, loss, damage or destruction.
4. In matters not covered by