I. PERSONAL DATA ADMINISTRATOR
II. SCOPE OF DATA PROCESSING
- The personal data administrator collects and processes identifying personal data, such as name, surname, date of birth, data on the business or place of employment, NIP, REGON number and contact details such as address, telephone number, e-mail address.
- In addition, the Website also processes information that does not constitute personal data about the device on which the user uses the Website, enabling him to use the Website in the best and safest way - i.e. the computer's IP address, information contained in cookies or other similar technologies, session data, data web browser, data on information on websites, and if the user has given additional consent - also information about geolocation.
III. PURPOSE AND BASIS OF DATA PROCESSING
- The user's personal data is processed in accordance with:
- The Act of May 10, 2018 on the protection of personal data,
- The Act of July 18, 2002 on the provision of electronic services,
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (hereinafter: GDPR),
- Act of July 16, 2014 - Telecommunications Law,
- By the Act of April 23, 1964, the Civil Code.
- In the event of a change in the regulations on the protection of personal data, the Administrator undertakes to comply with their new shape in this Policy.
- The user's personal data will be processed for the purpose of accepting and implementing the Order, concluding, executing and withdrawing from the Agreement, answering questions or providing other information expected by the user, considering complaints, for marketing and statistical purposes, as well as for targeting content or advertisements.
IV. THE METHOD OF OBTAINING DATA
Personal data is obtained directly from the user as a result of their disclosure via the subscription form for the Newsletter or the Order Form. Other data, not constituting personal data, are sent automatically by the device used by the user when using the website.
IN. DATA SHARING
- The Administrator, on the basis of a detailed authorization or an agreement between the Administrator and the entity processing personal data, may transfer the user's data:
- employees and associates of the Administrator,
- entities professionally dealing with legal, accounting or marketing services for the Administrator,
- platformie Shopify obsługiwanej przez Shopify International Limited, a private company limited by shares, incorporated in Ireland under registration number 560279, with its registered offices located at 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, VAT number IE 3347697KH
- Woocommerce.com platform operated by Aut O’Mattic A8C Ireland Ltd based in Dublin, Ireland,
- the Getresponse.pl platform operated by GetResponse sp.z o.o. based in Gdańsk,
- Google Analytics platform operated by Google LLC based in Menlo Park, California, USA
- Facebook, operated by Facebook Inc. based in Palo Alto, California, USA,
- the payment operator, Polish ePłatności, Tajęcina 113, 36-002 Jasionka
- to other entities, on the basis of a data processing agreement, if it is necessary for the purposes of the Agreement.
- The transfer of the user's personal data may take place only in the event of such a necessity in connection with the handling of the user's application, order or inquiry via the contact form.
- Considering the fact that the entities listed in point (a) b) and c) are registered in countries outside the European Economic Area, the Administrator also informs that for statistical purposes, optimization of advertisements, the possibility of social plug-ins, to a very limited extent, he provides data to two entities that meet the criteria of a Third State within the meaning of the GDPR. The headquarters of both entities are located in the United States and both entities have joined the Privacy Shield program, and the data is transferred on the basis of agreements containing clauses specified in the Decision of the European Commission 2010/87 / EU, and therefore the transfer of data to them is in accordance with the implementing decision of the European Commission from on July 12, 2016, and the scope of the transferred data makes it impossible to identify a specific person.
WE. USER PERMISSIONS
The person whose personal data is processed by the Personal Data Administrator has the following rights:
- The right to access your own personal data (Article 15 of the GDPR), including obtaining a copy of the data subject to processing, also in electronic form, to obtain information on the purposes of processing, categories of personal data, categories of recipients to whom the data may be disclosed, and the planned storage period personal data.
- The right to rectify (correct) (Article 16 of the GDPR) your own personal data, if it is incorrect or incomplete.
- The right to request the deletion of personal data (Article 17 of the GDPR) when:
- they are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data subject has withdrawn the consent and there is no other legal basis for the processing;
- the data subject objects to the processing and there are no overriding legitimate grounds for processing;
- the personal data has been processed unlawfully;
- personal data must be removed in order to comply with the legal obligation provided for in the Union law or the law of the Member State to which the Administrator is subject;
- the personal data has been collected in relation to the offering of information society services;
- The right to request the restriction of data processing (Article 18 of the GDPR) when:
- the accuracy of the personal data is contested by the data subject - for a period allowing the Controller to verify the correctness of this data;
- the processing is unlawful and the data subject opposes the deletion of personal data and requests the restriction of their use instead;
- The administrator no longer needs personal data for the purposes of processing, but they are needed by the data subject to establish, assert or defend claims;
- The data subject has objected to processing - until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for objection of the data subject;
- The right to lodge a complaint to the President of the Personal Data Protection Office (PUODO), Address: ul. Stawki 2, 00-193 Warsaw.
- To exercise the rights, the user should contact the Administrator by correspondence or by e-mail; The administrator is obliged to provide information about actions taken in connection with the request within 1 month; in particularly complex cases or due to a large number of notifications, this period may be extended to 3 months.
VII. DATA STORAGE PERIOD
In accordance with the applicable legal grounds, the Administrator will store personal data for the duration of the Administrator's legitimate interest, but no longer than for the period of limitation of the Administrator's claims against the data subject.
VIII. DATA SAFETY
The personal data administrator uses appropriate technical and organizational measures to fully protect the user's personal data - in particular, securing them against unauthorized access, loss or destruction. Data in electronic form is secured with appropriate certificates, passwords and security protocols, data in physical form are stored in a place specially adapted for this purpose, inaccessible to third parties.
- identification of computer data and its browser used to browse websites - e.g. by stating whether a given computer has already visited this website;
- adjusting the display of the website to the user's preferences thanks to anonymous analysis of their behavior on the Internet;
- remembered expectations for the website, such as language, color, content layout;
- enabling the operation of individual accounts on websites;
- exclusion of the onerous logging in to each separate subpage of the website;
- "Memory" about the advertisements presented so as not to present the user with repetitive and uninteresting content.
Cookies never change the way devices work and are not harmful to them in any way; do not change the configuration of browsers and are not shared with other websites, advertisers, etc. apart from the entities indicated above in § 5. On each of the websites, the user has the option of accepting or blocking them, which, however, may hinder or prevent access to many possibilities and functionalities of the website. Regardless of the choice made, each browser allows you to clear all cookies stored in it.