- GENERAL PROVISIONS
- DATA PROCESSING BASIS
- PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
- RECIPIENTS OF DATA IN THE ONLINE STORE
- ONLINE STORE PROFILING
- RIGHTS OF THE DATA SUBJECT
- ONLINE STORE COOKIES, USAGE DATA AND ANALYSTS
- FINAL PROVISIONS
- The administrator of personal data collected through the Online Store are the partners conducting joint business activity on the basis of LOU Limited Liability Company 5 Usługowa St., 64-100 Leszno District Court Poznań-New Town and Wilda in Poznań Share capital: PLN 100,000.00 KRS: 0001039749, NIP: 6972311618, REGON: 302689485 - hereinafter referred to as the "Administrator" and being at the same time the Online Store Service Provider and the Seller.
- Personal data in the Online Store are processed by the Administrator in accordance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereafter referred to as the "GDPR" or "GDPR Regulation". The official text of the TRADE Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
- The administrator shall take particular care to protect the interests of the persons whose personal data it processes, and in particular shall be responsible for and ensure that the data it collects are accurate: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes; (3) substantially accurate and adequate in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary for the purpose of the processing and (5) processed in a way which ensures adequate security of personal data, including the protection against unlawful or incompatible processing and accidental loss, destruction or damage, by appropriate technical or organisational measures.
- Having regard to the nature, scope, context and purposes of the processing, and the risk of infringement of the rights or freedoms of natural persons with different degrees of likelihood and seriousness, the controller shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this Regulation and to demonstrate this. Those measures shall be reviewed and updated as necessary. The controller shall implement technical measures to prevent the acquisition and modification by unauthorized persons of personal data transmitted electronically.
DATA PROCESSING BASIS
- The administrator is entitled to process personal data in cases where and to the extent that at least one of the following conditions is met: (1) the data subject has consented to the processing of his/her personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or to take action at the request of the data subject before the conclusion of the contract; (3) processing is necessary for the fulfilment of a legal obligation incumbent on the Administrator; or (4) processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a child, take precedence over these interests.
PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
- Each time the purpose, basis, period and scope and recipients of personal data processed by the Administrator result from actions taken by a given Service Recipient or Customer in the Online Store. For example, if the Customer decides to make purchases in the Online Store and chooses to collect the purchased Product in person instead of by courier, his/her personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier carrying out shipments on the Administrator's order.
- The Administrator may process personal data in the Online Store for the following purposes, on the following grounds, during periods and to the following extent:
- Purpose of data processing
- Legal basis for processing and storage period
- Article 6(1)(b) of the GDPR Regulation (implementation of the Agreement)
- The data is stored for the period necessary to perform, terminate or otherwise terminate the agreement.
- Scope of data processing
- Performing a Sales Agreement or an Electronic Service Agreement or taking action at the request of the data subject before concluding the aforementiod agreements
- Maximum range: first and last name; e-mail address; contact telephone number; delivery address (street, house number, property number, postcode, town, country), residence/business address/seat (if different from delivery address).
Imię, adres poczty elektronicznej
First and last name; address of residence/business/seat (if different from the delivery address), company name and tax identification number (tax number) of the Recipient or Customer
Determining, investigating or defending claims that may be raised by the Administrator or that may be raised against the Administrator
- First and last name; contact telephone number; e-mail address; delivery address (street, house number, property number, postcode, town, country), address of residence/business/seat (if different from delivery address).
-In the case of Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number of the Recipient or Customer.
RECIPIENTS OF DATA IN THE ONLINE STORE
- For the proper functioning of the Online Store, including the performance of concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as a software provider, courier or payment service provider). The Administrator uses only the services of such processing entities, which provide sufficient guarantees of implementation of appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.
- Personal data of the Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
- carriers / freight forwarders / courier brokers - in the case of a Customer who uses the Online Store's method of delivery of the Product by mail or courier, the Administrator shall make the collected personal data of the Customer available to a selected carrier, freight forwarder or intermediary carrying out shipments on the Administrator's order to the extent necessary to deliver the Product to the Customer.
- entities handling electronic payments or payment cards - in the case of a Customer who uses the method of electronic payment or payment card in the Online Store, the Administrator makes the collected personal data of the Customer available to a selected entity handling the above payments in the Online Store on the Administrator's order to the extent necessary to handle the payment made by the Customer.
- Lenders / lessors - in the case of a Customer who uses in the Online Store the method of payment in installment or leasing payment system. The Administrator makes available the collected personal data of the Client to a selected lender or lessor handling the above payments in the Online Store on the Administrator's order to the extent necessary to handle the payment made by the Customer.
ONLINE STORE PROFILING
- The Administrator may use profiling in the Internet Store for direct marketing purposes, but the decisions taken by the Administrator on its basis shall not concern the conclusion or refusal to conclude a Sales Agreement or the possibility to use Electronic Services in Online Store. The effect of using profiling in the Online Store may be, for example, granting a discount to a given person, sending him/her a discount code, a reminder of unfinished purchases, sending a product proposal that may correspond to the person's interests or preferences or offering better conditions compared to the standard offer of the Online Store. Despite profiling, it is up to the person to decide whether they want to take advantage of the resulting discount or better conditions and make a purchase in the Online Store.
- Profiling in the Online Store consists in automatic analysis or forecast of a person's behavior on the Online Store’s website, e.g. by adding a particular Product to the basket, browsing the website of a particular Product in the Online Store or by analyzing the history of purchases made in the Online Store. The condition for such profiling is that the Administrator has personal data of the person in question in order to be able to send them e.g. a discount code.
- The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and produces legal effects on the person or in a similar way significantly affects him/her.
RIGHTS OF THE PERSON CONCERNED
- Right of access, rectification, restriction, deletion or transfer - the data subject has the right to demand from the Administrator access, rectification, deletion ("right to be forgotten") or restriction of the processing and has the right to object to the processing and to transfer his data. Detailed conditions for exercising the aforementioned rights are set out in Articles 15-21 of the GDPR Regulation.
- The right to withdraw consent at any time - a person whose data are processed by the controller on the basis of his/her consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation), is entitled to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
- The right to object - the data subject has the right to object at any time - for reasons related to his/her particular situation - to the processing of personal data concerning him/her based on art. 6 paragraph 1 point e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. The administrator shall in such a case no longer process the personal data unless it demonstrates that there are compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims.
- The right to lodge a complaint to the supervisory authority - a person whose data are processed by the controller has the right to lodge a complaint to the supervisory authority in the manner and manner specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on Personal Data Protection. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
- Right to object - the data subject has the right to object at any time, on grounds relating to his particular situation, to the processing of personal data concerning him based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under those provisions. The administrator shall in such a case no longer process the personal data unless it demonstrates that there are compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims.
- Right to object to the processing of personal data concerning him/her for the purposes of direct marketing - where personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him/her for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing
ONLINE STORE COOKIES, USAGE DATA AND ANALYSTS
- Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website of the Internet Shop (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone - depending on which device the visitor to our Online Store uses). Detailed information about Cookies, as well as the history of their creation can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.
- The Administrator may process the data contained in the Cookies files when visitors use the website of the Internet Store for the following purposes:
- Identification of Recipients as logged in to the Online Store and showing that they are logged in;
- remembering the Products added to the basket in order to place an Order;
- remembering data from completed Order Forms, questionnaires or login data to the Online Store;
- adjusting the content of the Online Store's website to the Customer's individual preferences (e.g. concerning colors, font size, page layout) and optimizing the use of the Online Store's pages;
- keeping anonymous statistics showing how the Online Store's website is used;
- Remarketing, i.e. researching the behavioral characteristics of the visitors to the Online Store through an anonymous analysis of their actions (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, also when they visit other websites in the advertising network of Google Inc. and Facebook Ireland Ltd;
- Detailed information on changing the settings for cookies and their independent deletion in the most popular web browsers are available in the help section of your web browser and on the following pages (just click on the link):
- in the Chrome browser
- in a Firefox browser
- in Internet Explorer
- in the Opera browser
- in the Safari browser
- in the Microsoft Edge browser
- The Administrator may use Google Analytics, Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These services help the Administrator to analyze traffic in the Online Store. The collected data are processed within the framework of the above services in an anonymized manner (so-called exploitative data, which makes it impossible to identify a person) to generate statistics helpful in administering the Online Store. These data are of an aggregate and anonymous nature, i.e. they do not contain identification features (personal data) of the persons visiting the website of the Online Store. The Administrator using the above services in the Online Store collects such data as sources and means of obtaining visitors to the Online Store and the manner of their behavior on the website of the Online Store, information on the devices and browsers from which they visit the site, IP and domain, geographical data and demographic data (age, gender) and interests.
- It is possible for an individual to easily block the provision of Google Analytics information about his or her activity on the Online Store's website - for this purpose you can install the browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
- The Administrator may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator to measure the effectiveness of ads and to find out what actions are taken by visitors to the Online Store, as well as to display matching ads to these people. Detailed information about the operation of Facebook Pixel can be found at the following web address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
- Management of the Facebook Pixel's operation is possible by setting ads in your Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.