Privacy Policy

Data protection
1) Introduction and contact details of the person responsible

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Adrianna Morrison, MORISSON SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, ul. Partyzancka 34, 63-400 Ostrów Wielkopolski, Poland, Tel.: +49 152 17484436, Fax: +49 152 17484436, Email: morisson.trade@gmail.com. The person responsible for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (eg orders or inquiries to the person responsible), this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

2) Data collection when visiting our website

If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the site server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page - Browser used
- Operating system used
- IP address used (if necessary: ​​in anonymous form)

The processing takes place in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), some of these cookies remain on your device for a longer period of time and enable page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings in your web browser.

If personal data is also processed by individual cookies used by us, the processing takes place in accordance with Article 6 (1) (b) GDPR either for the execution of the contract, in accordance with Article 6 (1) (a) GDPR in the event that consent has been given or in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

4) Contact

When contacting us (e.g. via contact form or email), personal data is processed – exclusively for the purpose of processing and answering your request and only to the extent required for this.

The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Article 6 (1) (f) GDPR. If your contact is aimed at a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. Your data will be deleted if it can be inferred from the circumstances that the facts in question have been finally clarified and provided that there are no legal storage obligations to the contrary.

5) Data processing when opening a customer account

In accordance with Article 6 Paragraph 1 Letter b GDPR, personal data will continue to be collected and processed to the extent required in each case if you provide it to us when opening a customer account. The data required for opening an account can be found in the input mask of the relevant form on our website.

A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After deleting your customer account

Your data will be deleted if all contracts concluded have been completed, there are no legal retention periods to the contrary and we have no legitimate interest in further storage.

6) Use of Customer Data for Direct Marketing

Sign up for our email newsletter

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. Providing further data is voluntary and is used to be able to address you personally. We use the so-called double opt-in procedure to send the newsletter, which ensures that you only receive the newsletter if you have expressly confirmed your consent to receive the newsletter by clicking on a verification link sent to the email address provided

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR. We store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your e-mail address at a later point in time. The data we collect when registering for the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned above. After you have unsubscribed, your e-mail address will be deleted immediately from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we will inform you in this declaration.

7) Data processing for order processing

7.1 Insofar as it is necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned bank in accordance with Article 6 Paragraph 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data you provide when ordering (name, address, e-mail address) in order to inform you within the framework of our legal information obligations in accordance with Art. 6 Para 1 lit. c GDPR via a suitable communication channel (e.g. by post or e-mail) about upcoming updates in the period stipulated by law. Your contact details will be strictly earmarked for communications

about updates owed by us and processed by us for this purpose only to the extent that this is necessary for the respective information.

In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the implementation of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 Use of special services for order management and execution - Shopify Order Printer

We use the following provider to process orders: Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Name, address and any other personal data will be passed on to the provider in accordance with Article 6 (1) (b) GDPR for the purpose of processing the online order. Your data will only be passed on to the extent that this is actually necessary to process the order. The provider is also used for bookkeeping. The provider processes incoming and outgoing invoices and, if necessary, our company’s bank transactions in order to automatically record invoices, match them to transactions and create financial accounting from them in a partially automated process.

If personal data is also processed here, the processing is carried out in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in the efficient organization and documentation of our business transactions.

7.3 Use of payment service providers (payment services) - Apple Pay

If you decide to use the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed using the "Apple Pay" function of your device running iOS, watchOS or macOS by debiting a payment card stored with "Apple Pay". Apple Pay uses security features built into your device's hardware and software to protect your transactions. In order to release a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the "Face ID" or "Touch ID" function of your device.

For the purpose of payment processing, the information you provide during the ordering process, along with the information about your order, will be sent to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is sent to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website through which the purchase was made can access the payment details. After the payment

has been made, Apple will send your device account number and a transaction-specific dynamic security code to the originating website to confirm payment success.

If personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR.

Apple retains anonymized transaction information, including approximate purchase amount, date and time, and whether the transaction was successfully completed. The anonymization completely excludes any personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.

When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and the authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that personally identifies you. You can disable the ability to use Apple Pay on your Mac in your iPhone's settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.

You can find further information on data protection with Apple Pay at the following Internet address: https://support.apple.com/de-de/HT203027
- Paypal checkout

This website uses PayPal Checkout, an online payment system from PayPal, which consists of PayPal's own payment methods and local third-party payment methods.

When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "Pay later" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L -2449 Luxembourg (hereinafter "PayPal"), continue. The transfer takes place in accordance with Art. 6 Paragraph 1 lit. b GDPR and only to the extent that this is necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "Pay later" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal's legitimate interest in determining your solvency. PayPal uses the result of the credit check in relation to the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The credit report can contain probability values ​​(so-called score values). As far as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. In the calculation of the score values ​​flow under

other, but not limited to, address data. You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

If you select the PayPal payment method "purchase on account", your payment data will first be sent to PayPal to prepare the payment, after which PayPal will forward it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") to carry out the payment. The legal basis is Article 6 (1) (b) GDPR. In this case, RatePay carries out an identity and credit check on its own behalf to determine solvency in accordance with the principle already mentioned and gives your payment data to credit agencies based on the legitimate interest in determining solvency in accordance with Article 6 (1) (f) GDPR further. A list of the credit agencies that Ratepay can use can be found here: https://www.ratepay.com/legal-payment-creditagencies/

When using the payment method of a local third-party provider, your payment data will first be passed on to PayPal in accordance with Article 6 (1) (b) GDPR in order to prepare the payment. Depending on your selection of an available local payment method, PayPal then transmits your payment data to the relevant provider to carry out the payment in accordance with Article 6 (1) (b) GDPR:

- Immediately (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, The Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium) - blik (Polski Standard Płatności sp. z oo, ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2
1200 Vienna, Austria)
- MyBank (PRETA SAS, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)

For more information on data protection law, please refer to PayPal's data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Shopify Payments

One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

If you select a payment method from the provider for which you make an advance payment (e.g. credit card payment), the payment details you provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be sent to them passed on in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, your data will only be passed on for the purpose of payment processing with the provider and only to the extent that it is necessary for this.

- stripes

One or more online payment methods from the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland

If you select a payment method from the provider for which you make an advance payment (e.g. credit card payment), the payment details you provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be sent to them passed on in accordance with Art. 6 Para. 1 lit. b GDPR. In this case, your data will only be passed on for the purpose of payment processing with the provider and only to the extent that it is necessary for this.

If you select a payment method in which the provider makes an advance payment (e.g. invoice or installment purchase or direct debit), you will also be asked to enter certain personal data (first and last name, street, house number, postal code, city, date of birth, E -Mail address, telephone number, if necessary data on an alternative means of payment).

In order to safeguard our legitimate interest in determining the solvency of our customers, we forward this data to the provider for the purpose of a credit check in accordance with Article 6 (1) (f) GDPR. Based on the personal data you provide and other data (e.g. shopping cart, invoice amount, order history, payment history), the provider checks whether the payment option you have selected can be granted with regard to payment and/or bad debt risks.

The credit report can contain probability values ​​(so-called score values). As far as score values ​​are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical process. Among other things, but not exclusively, address data is included in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

8) Retargeting/ remarketing and conversion tracking

- Google MarketingPlatform
This website uses the online marketing tool Google Marketing Platform operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("GMP").

GMP uses cookies to serve ads relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads

in which browser and can thus prevent them from being displayed multiple times. In addition, GMP can use cookie IDs to record so-called conversions related to ad requests. This is the case, for example, when a user sees a GMP ad and later, using the same browser, goes to the advertiser's website and buys something through that website. According to Google, GMP cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and are therefore informing you as follows according to our state of knowledge: By integrating GMP, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and save your IP address. As part of the use of GMP, personal data may also be transmitted to the servers of Google LLC. come in the US.

All of the processing described above, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.

The data protection regulations of GMP by Google can be found here: https://www.google.de/policies/privacy/

9) Rights of the data subject

9.1 The applicable data protection law grants you the following data subject rights (rights to information and intervention rights) vis-à-vis the person responsible with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise requirements:

- Right to information according to Art. 15 GDPR;
- Right to rectification according to Art. 16 GDPR;
- Right to erasure according to Art. 17 GDPR;
- Right to restriction of processing in accordance with Art. 18 GDPR;
- Right to information according to Art. 19 GDPR;
- Right to data portability according to Art. 20 GDPR;
- Right to revoke granted consent in accordance with Art. 7 Para. 3 GDPR; - Right to complain according to Art. 77 GDPR.

9.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL

PROCESSING DATA ON THE BASIS OF OUR PREVIOUS LEGITIMATE INTERESTS, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPREHENSIVE REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FUNDAMENTAL FREEDOMS, OR IF THE PROCESSING IS FOR THE CERTIFICATION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. YOU MAY OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP THE PROCESSING OF THE DATA INVOLVED FOR DIRECT MARKETING PURPOSES.

10) Duration of storage of personal data

The duration of the storage of personal data is based on the respective legal basis, the processing purpose and - if relevant - also based on the respective statutory retention period (e.g. commercial and tax retention periods).

When processing personal data on the basis of an express consent in accordance with Article 6 Paragraph 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that are processed as part of legal or similar obligations on the basis of Article 6 (1) (b) GDPR, this data will be routinely deleted after the retention period has expired, provided that it is no longer required to fulfill or initiate a contract and/or we have no legitimate interest in further storage.

When processing personal data on the basis of Article 6 Paragraph 1 Letter f GDPR, this data will be stored until you exercise your right of objection in accordance with Article 21 Paragraph 1 GDPR, unless we can provide compelling reasons worthy of protection prove the processing that outweighs your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for direct marketing purposes

Based on Article 6 Paragraph 1 lit. f GDPR, this data will be stored until you exercise your right of objection under Article 21 Paragraph 2 GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

Copyright © 2023, IT law firm Alter Messeplatz 2 80339 Munich Tel: +49 (0)89 / 130 1433 - 0 Fax: +49 (0)89 / 130 1433 - 60