I. GENERAL PROVISIONS
2. The administrator of the Online Store and at the same time the Controller of personal data collected via the Online Store is Marek Łazorczyk running a business under the name “Marek Łazorczyk” registered in the Central Register and Information on Economic Activity, address: ul. Wapienna 49, 43-340 Kozy, tax ID number (NIP) 9372466248, REGON 364539547, email address: firstname.lastname@example.org, telephone number: +48 570 21 00 18 – hereinafter referred to as the “Controller” who is also the Service Provider of the Online Store and the Seller.
4. Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different probability and severity of the threat, the Controller implements appropriate technical and organizational measures to ensure that the processing is in accordance with the GDPR and to be able to prove it. These measures are reviewed and updated as necessary. The Controller uses technical measures to prevent the acquisition and modification by unauthorized persons of personal data transmitted via the Internet.
II. METHODS AND PURPOSES OF THE PROCESSING OF PERSONAL DATA
1. Using the Online Store involves the processing of personal data of the Customers for the following purposes:
1.1. Performance of the Purchase Agreement or any agreement for the provision of Online Services or taking action at the request of the data subject, before concluding the above-mentioned agreements; Legal basis: Article 6 para. 1 lit. b) GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject, prior to entering into a contract;
1.2. Marketing; Legal basis: Article 6 para. 1 lit. a) GDPR (consent) – the data subject has consented to the processing of his personal data for marketing purposes by the Controller;
1.3. Expressing an opinion by the Customer on the concluded Purchase Agreement; Legal basis: Article 6 para. 1 lit. a) GDPR – the data subject has consented to the processing of his personal data in order to express an opinion;
1.4. Keeping tax books; Legal basis: Article 6 para. 1 lit. c) GDPR in connection with with art. 86 § 1 of the Tax Ordinance – processing is necessary to fulfill a legal obligation incumbent on the Controller;
1.5. Determining, investigating or defending claims that may be raised by the Controller or which may be raised against the Controller; Legal basis: Article 6 para. 1 lit. f) GDPR (legitimate interest of the controller) – processing is necessary for the purposes of the Controller’s legitimate interests, consisting in establishing, investigating or defending claims that may be raised by the Controller or which may be raised against the Controller;
1.6. Using the website of the Online Store and ensuring its proper operation; Legal basis: Article 6 para. 1 lit. f) GDPR (legitimate interest of the controller) – processing is necessary for purposes arising from the legitimate interests of the Controller, consisting in running and maintaining the Online Store website;
1.7. Keeping statistics and traffic analysis in the Online Store; Legal basis: Article 6 para. 1 lit. f) GDPR (legitimate interest of the controller) – processing is necessary for the purposes of the Controller’s legitimate interests, consisting in keeping statistics and analyzing traffic in the Online Store in order to improve the functioning of the Online Store and increase the sale of Products;
1.8. Newsletter distribution – pursuant to art. 6 sec. 1 lit. a GDPR, i.e. the consent of the User given just before subscribing to the Newsletter, and for the purpose of implementing direct marketing addressed to the User, pursuant to art. 6 sec. 1 lit. f GDPR, i.e. the legitimate interest of the Controller;
1.9. Processing of a complaint, withdrawal from the agreement – by submitting a complaint or a declaration of withdrawal from a contract, the User provides personal data contained in the content of the complaint or declaration of withdrawal from the contract, which include name and surname, address, e-mail address, bank account number. Providing this data is voluntary, but necessary to submit a complaint or withdraw from an agreement. The data provided in connection with the submission of a complaint or withdrawal from an agreement are used to implement the complaint procedure or the procedure of withdrawal from an agreement (Article 6 (1) (c) of the GDPR), and then for archival purposes, which is the legitimate interest of the Controller (Article 6 (1) (f) of the GDPR). The data will be processed for the time necessary to implement the complaint procedure or the withdrawal procedure. Complaints and statements of withdrawal from an agreement may also be archived in order to be able to prove the course of the complaint process or withdraw from the agreement in the future. In the case of data provided in the process of submitting a complaint or withdrawing from an agreement, some of the rights will not be entitled to the User always and under all conditions;
1.10. Contact with the Controller via e-mail – for this purpose, the User provides their email address and other data contained in the message. Providing an email address is voluntary, but necessary to contact the Controller via e-mail. In this case, personal data is processed in order to contact the User, and the basis for processing is the User’s consent resulting from the initiation of contact (Article 6 (1) (a) of the GDPR). The data will also be processed after contacting the Controller. The legal basis for such processing is the legitimate purpose of archiving correspondence for the purpose of showing its course in the future (Article 6 (1) (f) of the GDPR).
III. TRANSFER OR PERSONAL DATA
1. Personal data may be transferred to entities whose services are used by the Controller in order to run the Online Store and provide services through it. The Controller uses only the services of such processors that provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of the data subjects. The transfer of data by the Controller does not take place in every case and not to all recipients or categories of recipients indicated below – the Controller provides data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it. For example, if the User uses a personal pick-up option, their data will not be transferred to the courier cooperating with the Controller.
2. The personal data of the Users may be transferred to the following recipients or categories of recipients:
2.1. carriers / forwarders / courier brokers / entities servicing the warehouse and / or the shipping process – in the case of the User who uses the method of delivery of the Product by courier in the Online Store, the Controller provides the collected personal data of the User to the selected carrier, forwarder or intermediary performing the shipment on behalf of the Controller, and if the shipment takes place from an external warehouse – to the entity operating the warehouse and / or the shipping process – to the extent necessary to deliver the Product to the Customer.
2.2. entities servicing electronic payments or by payment card – in the case of a User who uses the Online Store with the method of online payments or with a payment card, the Controller provides the collected personal data of the Customer to the selected entity servicing the abovementioned payments in the Online Store at the request of the Controller to the extent necessary to handle payments made by Users.
2.3. the provider of the opinion poll system – in the case of the User who has agreed to express an opinion on the concluded Purchase Agreement, the Controller provides the collected personal data of the User to the selected entity providing the system of opinion polls on the concluded Purchase Agreements in the Online Store at the request of the Controller to the extent necessary for the User to express an opinion through the opinion poll system.
2.6. providers of social plugins, scripts and other similar tools placed on the website of the Online Store, enabling the browser of the person visiting the website of the Online Store to download content from the providers of the aforementioned plugins and transferring personal data of the visitor for this purpose, including:
a) Facebook Ireland Ltd. – The Controller uses Facebook social plugins on the Online Store website and therefore collects and provides personal data of the User using the Online Store website to Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland) to the extent and in accordance with the privacy rules available here: https://www.facebook.com/about/privacy/ (this data includes information about the activity on the Online Store website – including information about the device, visited websites, purchases, displayed advertisements and how to use the services – regardless of whether the User has a Facebook account and is logged in to Facebook).
IV. PERSONAL DATA STORAGE PERIOD
1. Personal data necessary to handle the process of selling products in the Online Store, processing claims, confirming the performance of the Controller’s obligations and pursuing claims or defending against claims that may be directed against the Controller, as well as for archival and evidence purposes – will be stored for the period necessary for the purpose for which they were collected, but not longer than 10 years from the date of collection of these data.
2. Other personal data will be kept for the period necessary for the purpose for which they were collected, but not longer than 5 years from the date of collection of such data.
V. ONLINE STORE USER PROFILING
2. The Controller may use profiling for direct marketing purposes in the Online Store, but the decisions made on its basis by the Controller do not apply to the conclusion or refusal to conclude a Purchase Agreement or the possibility of using Online Services offered in the Online Store. The effect of using profiling in the Online Store may be, for example, granting a discount, sending a discount code, reminding about unfinished purchases, sending a Product suggestion that may correspond to the interests or preferences of a given person, or suggesting better conditions compared to the standard offer of the Online Store. Despite profiling, a User can make a free decision whether they will want to use the discount received in this way, or better conditions and make a purchase in the Online Store.
3. Profiling in the Online Store consists of an automatic analysis or forecast of a User’s behavior on the Online Store website, e.g. by adding a specific Product to the basket, browsing a specific Product page in the Online Store or by analyzing the previous history of purchases in the Online Store. The condition of such profiling is the Controller having personal data of a User in order to be able to send them, e.g. a discount code.
4. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and produces legal effects or significantly affects the person in a similar way.
VI. USERS’ RIGHTS IN CONNECTION WITH THE PROCESSING OF THEIR PERSONAL DATA
1. According to the GDPR, the User has the following rights in connection with the processing of his personal data:
1.1. The right to be informed about how personal data is processed;
1.2. The right to access and rectify personal data;
1.3. The right to delete personal data; The Controller may refuse to delete data for which there is a basis for their further processing (e.g. fulfillment of a legal obligation or pursuing claims or defending against claims that may be directed against the Controller);
1.4. The right to request the restriction of personal data processing;
1.5. The right to object to the processing of personal data if the basis for processing is the Controller’s legitimate interest or performance of tasks in the public interest;
1.6. The right to withdraw consent if personal data was processed on the basis of the consent of the User;
1.7. The right to transfer personal data.
2. All of the abovementioned rights can be exercised by contacting the Controller via email at: email@example.com. Requests will be processed without undue delay, no later than within 30 days from the date of receipt of the request. Within this period, the Controller will respond or inform about a possible extension of the deadline and explain the reasons. If the Controller has doubts as to whether a specific request was made by an authorized person, he may ask a few additional questions to verify the identity of the applicant.
VII. COOKIES AND ANALYTICS
1. General Cookies information:
1.3. Cookies are small text information in the form of text files, sent by the server and saved on the device of the person visiting the website of the Online Store (e.g. on the hard drive of a computer, laptop or on a smartphone’s memory card – depending on which device the visitor uses). Detailed information on Cookies as well as the history of their creation can be found here: https://pl.wikipedia.org/wiki/HTTP_cookie.
1.4. Cookies used by the Controller are safe for the devices of the Customers. In particular, it is not possible for viruses or other unwanted software or malware to enter the devices of Users in this way. Cookies allow to identify the software used by the User and individually adjust the operation of the Store. Cookies usually contain the name of the domain they come from, the storage time on the device and the assigned value.
1.5. Cookies that can be sent by the Online Store website can be divided into various types, according to the following criteria:
a) Due to their supplier:
● own (created by the Controller’s Online Store website) and
● belonging to third parties / entities (other than the Controller).
b) Due to their storage period on the device of the person visiting the website of the Online Store:
● session Cookies (they are stored on the Customer’s device and remain there until the end of the browser session. The saved information is then permanently deleted from the device’s memory. The session Cookies mechanism does not allow the collection of any personal data or any confidential information from the Customer’s device.)
● persistent (they are stored on the Customer’s device and remain there until they are deleted. Ending the browser session or turning off the device does not delete them from the Customer’s device. The persistent Cookies mechanism does not allow the collection of any personal data or any confidential information from the Customer’s device.)
c) Due to the purpose of their application:
● necessary (enabling the proper functioning of the Online Store website),
● functional / preferential (enabling the adjustment of the Online Store website to the preferences of the website visitor),
● analytical and performance (collecting information on how the Online Store website is used),
● marketing, advertising and social media (collecting information about a person visiting the website of the Online Store in order to display personalized advertisements to that person and conducting other marketing activities, including on websites separate from the website of the Online Store, such as social networks.
1.6. The User has the option to limit or disable the access of Cookies to their device. If you use this option, the use of the Store will be possible, except for functions that, by their nature, require Cookies.
2. The Controller may process the data contained in Cookies when visitors use the Online Store website for the following specific purposes:
2.1. identifying the Users as logged in to the Online Store and showing that they are logged in (necessary Cookies);
2.2. remembering Products added to the cart in order to place an Order (necessary Cookies);
2.3. remembering data from completed Order Forms, surveys or login data to the Online Store (necessary and / or functional / preferential Cookies);
2.4. adjusting the content of the Online Store website to the individual preferences of the User (e.g. regarding colors, font size, page layout) and optimizing the use of the Online Store websites (functional / preferential cookies);
2.5. keeping anonymous statistics showing how the Online Store website is used (statistical cookies);
2.6. remarketing, i.e. research on the behavior of visitors to the Online Store through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their expected interests, also when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social Cookies).
3. Possibility to specify the conditions for storing or accessing Cookies:
3.1. User may independently and at any time change the settings for Cookies, specifying the conditions for their storage and access to the User’s device. Changes to the settings referred to in the preceding sentence may be made using the settings of a web browser. These settings can be changed to block the automatic handling of Cookies in the web browser settings, or to inform about them each time a Cookie is placed on the Customer’s device. Detailed information on the possibilities and methods of handling Cookies is available in the software (web browser) settings.
3.2. User may at any time delete Cookies using the options available in the web browser they use.
4. The Controller may use Google Analytics, Google Ads Remarketing Tag services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller keep statistics and analyze traffic in the Online Store. The collected data is processed as part of the above services to generate statistics helpful in administering the Online Store and analyzing traffic in the Online Store. These data are collective. The Controller, using the abovementioned services in the Online Store, collects such data as a way of obtaining visitors to the Online Store and the manner of their behavior on the Online Store website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age, gender) and interests.
5. It is possible for a person to easily block information about their activity on the Online Store website – for this purpose, you can, for example, install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
VIII. SERVER LOGS
Using the Online Store involves sending queries to the server on which the Online Store’s pages are stored. Each query directed to the server is saved in the server logs. Logs include User’s IP address, server date and time, information about the User’s web browser and operating system. Logs are saved and stored on the server. The data stored in the server logs are not associated with specific Users and are not used by the Controller to identify the Users. The server logs are only auxiliary material used to administer the Store, and their content is not disclosed to anyone except those authorized to manage the server.
IX. SECURITY AND PERSONAL DATA PROTECTION BODY
1. The Controller guarantees the confidentiality of all personal data provided to him. The Controller ensures that all security and personal data protection measures required by law are taken. Personal data is collected with due diligence and adequately protected against access by unauthorized persons.
2. If you believe that the Controller is processing personal data unlawfully, you can file a complaint with the competent authority, which is the President of the Personal Data Protection Office.
X. FINAL PROVISIONS