PERSONAL DATA

Controller of your personal

The Controller of your personal data as per the provisions of the laws regulating protection of personal data is Tomasz Urbaniak, the entrepreneur conducting business activity entered into the Central Registration and Information on Business maintained by the proper minister responsible for matters related to commerce under the name Tomasz Urbaniak, 94A Jana Olbrachta St., 01-102 Warsaw, Poland, VAT#: 5252203113, REGON# 017205074 (hereinafter referred to as the “CPD” or the “Controller”).

Regulation of the European Parliament and the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as „GDPR”,

Purpose, legal grounds and terms of processing personal data

Purpose, legal grounds and terms of processing personal data are indicated separately for each purpose of processing data (see descriptions of particular purposes of processing personal data below).

Powers

GDPR grants you inherent rights related to the processing of your personal data:

  • the right to access your personal data;
  • the right to rectify your personal data;
  • the right for your personal data to be erased;
  • the right to restrict processing of your personal data;
  • the right to object to processing of your personal data;
  • the right to data portability;
  • the right to lodge a complaint with a supervisory authority,
  • the right to withdraw consent for processing personal data if you have previously given such consent.

The rules regarding pursuing the above-indicated rights are described in detail in Art. 16-21 of the GDPR. We encourage you to become familiar with those regulations. On our side, we think it is important to clarify, that the above-indicated rights are not absolute and they cannot be exercised in some cases of personal data processing. For your convenience, we have used our best efforts to indicate your rights in a description of each of our data processing operations.

If you decide that while processing of your personal data we have violated the regulations regarding the protection of personal data, you can lodge a complaint with a supervisory authority (Chairman of the Personal Data Protection Authority).

You can always ask us to provide you with information on what data do we have which regards you and what is our purpose in the processing of that data. All you have to do is to send a message to [x]. However, we have also used our best efforts to include complete information which you may be interested in within this Privacy Policy. The above e-mail address may also be used in case you have any questions regarding the processing of your personal data.

Security

We guarantee the confidentiality of all the personal data which is disclosed to us. We also make sure to use all necessary means of security and protection of personal data required by the provisions of the law on personal data protection. We gather personal data with the highest degree of due care and adequately protect it from access by any unauthorised persons.

List of data processing agreements. We trust the following entities to participate in the processing of the personal data which we gather:

  • Kylos Sp. z o.o. (KRS: 0000496957) – with the purpose of hosting personal data on a server,
  • Biuro Rachunkowe Credo Sp.j. – with the purpose of using accounting services, which are related to the processing of your data when we issue an invoice for you,
  • TheInternets Sp z o.o. (KRS: 0000550944) – with the purpose of using IT support services, which may require for the provider to gain access to your personal data.

All entities, which we trust with the processing of personal data guarantee an adequate level of protection and security of the personal data, as required by the provisions of the law.

PURPOSES AND PROCESSING ACTIVITIES

User account

When setting up a user account, you are required to provide your e-mail address and define a password to your account. Disclosing your data is voluntary; however, it is needed for the account to be set up. Within the user profile edition panel, you can provide further details, such as your first and last name, settlement address and delivery address. Disclosing this data is entirely voluntary. You may set up and maintain an account without the need to provide these further details. In such case when placing an order, you will be required to enter this data manually.

The data which you provide within your user account is processed only with the purpose of maintaining of the account and enables you to use it. Entering data into the user account serves the purpose of facilitating the process of placing orders within the store by automatically filling in the details of your orders.

The legal ground for processing of your personal data within the user account is the legitimate business interest resulting from the agreement for maintaining the account, which you enter into on the basis of the store terms of service – Art. 6 section 1 letter b of the GDPR.

The data gathered in the user account is processed within the [x] system and stored on a server infrastructure provided by [x].

Your data will be processed as part of your user account for as long as you hold your account. After deleting the account, the data shall be removed from our database, except for any information regarding the previously placed orders.

You can gain access to your personal data which is processed as part of the account at any time, by logging into your user account. After logging in to the account, you can rectify your data as well as remove it at any time, except for the data which is regarding previously placed orders. You can also decide to delete your account at any time.

With regards to other data gathered in the user account you also have the right to data portability, as per Art. 20 of the GDPR.

Orders

When placing an order, you are required to disclose the data which is necessary for the order to be processed appropriately, that includes your first and last name, settlement address, delivery address, e-mail address, telephone number. Providing those details is voluntary, however, it is required for the order to be processed.

The data which is provided to us with regards to an order is processed for the purpose of delivering the order (Art. 6 section 1 letter "b" of the GDPR), issuing an invoice (Art. 6 section 1 letter "c" of the GDPR), processing of the invoice within our accounting documentation (Art. 6 section 1 letter "c" of the GDPR) and for archiving and statistical purposes (Art. 6 section 1 letter "f" of the GDPR).

The data included in an order which is placed within the store is processed within the [x] system and stored on server infrastructure provided by [x].

If you have a user account, your order will be visible in the history of orders for the given account.

Each order is documented with an invoice. Invoices are issued with the use of [x]. Invoices are submitted to [x] accounting firm.

Orders are also logged within our internal database for archiving and statistical purposes.

Data regarding orders shall be processed throughout the period which is required for delivering the order, and then until the statute of limitations runs out for any claims related to the concluded agreement. Once the statute of limitations runs out, the data may still be processed for statistical purposes. Also, please keep in mind that we are obliged to archive invoices, which include your personal data, for the period of 5 years since the end of the tax year in which a tax obligation arose.

In case of data regarding orders, you do not have the right to rectify this data after the order is completed. You also cannot object to the processing of this data and request for this data to be erased until the statute of limitations for any claims related to the concluded agreements runs out. Similarly, you may not object to the processing of the data or demand for your data to be erased from the information which is included on invoices. After the statute of limitations for any claims regarding the concluded contract runs out, you may object to further processing of your data for statistical purposes and request for your data to be removed from our database.

With regards to the data related to orders you also have the right to data portability, as per Art. 20 of the GDPR.

Complaints and withdrawal from the contract

If you are submitting a complaint or wish to withdraw from a contract, you disclose to us the personal data which is included in the contents of your claim or the withdrawal declaration, which include your first and last name, residence address, telephone number, e-mail address and your bank account number.

The data disclosed to us in relation to a complaint or a withdrawal from a contract is used to carry out the complaint or withdrawal procedure (Art. 6 section 1 letter "c" of the GDPR).

The data shall be processed for as long as necessary to carry out the complaint procedure or the withdrawal. Complaints and declarations of withdrawal from contracts may also be archived for statistical purposes.

In the case of the data included in complaints and declarations of withdrawal from contracts, you cannot rectify this data. You also cannot object to the processing of this data or demand for the data to be removed until the statute of limitations runs out for the claims related to the concluded contract. After the statute of limitations runs our for the claims related to the concluded contract you can object to the processing of your data for statistical purposes, as well as demand for your data to be removed from our database.

E-mail correspondence

By contacting us with the use of electronic mail, including any requests sent to our contact form, you naturally disclose your e-mail address as the sender of the message. Moreover, within the contents of your letter, you may also include other personal data.

Your data is processed in this case with the purpose of getting in touch with you on the grounds of Art. 6 section 1 letter "a" of the GDPR, meaning that your consent for our processing of your personal data results from you initiating contact with us. The grounds for processing of your data after the exchange of correspondence is complete is our legitimate business purpose of archiving mail for internal needs (Art. 6 section 1 letter "c" of the GDPR).

Contents of our correspondence may be archived, and we are not able to unequivocally indicate when is it going to be erased. You have the right to demand from us to present you with the history of our correspondence (if it has been archived), as well as to demand for it to be erased, unless the archiving of it is justified based on our superior interests, for example, such as protection from potential claims from your side.

COOKIE FILES AND OTHER TRACKING TECHNOLOGIES

Our website, just like nearly all other internet websites, uses cookie files to provide you with the best possible user experience.

Cookies are small text-based information files stored on your end device (that is your computer, tablet, smartphone), which may be reviewed by our IT system.

Cookies may be classified into own or third party files.

Consent for using cookies

Upon your first visit to our website, you are presented with information regarding our use of cookie files along with a request for your permission for us to use cookie files. Thanks to a particular tool you can manage cookie files from the level of the website. Moreover, you can always change cookie file settings from the level of your internet browser or generally remove all cookie files. Keep in mind, that rejecting the use of cookies may lead to difficulties in using the website, as well as many other sites, which use cookies.

Own cookie files

We use our cookie files to ensure the proper functioning of our website.

Third party cookie files

Our website, just like most contemporary websites, takes advantage of some functionalities which are provided by third parties, which relates to the use of cookie files by those third parties. Our purposes in using this type of cookies are described below.

Analysis and statistics

We use cookie files to follow our website statistics, such as the number of visitors, type of the operating system and web browser which they use to browse the site, time spent on the website, visited subpages etc. For this purpose, we use Google Analytics, which is related to the use of cookie files from Google LLC. Within the mechanism for managing cookie file settings, you can decide if we will be able to use marketing functions, part of the Google Analytics service.

Marketing

We use marketing tools, such as Facebook Pixel, to display adds. This relates to the use of cookie files from Facebook. Within the cookie file settings, you can decide if you give consent for the use of Facebook Pixel in your case, or not.

We use Google AdWords remarketing tools. This relates to the use of cookies from Google LLC resulting from the Google AdWords service. Within the mechanism for managing cookie file settings, you can decide if we can use Google AdWords in your case.

SERVER LOGS

Using our website relates to sending requests to a server, where the site is hosted. Each such request addressed to the server is recorded within server logs.

Logs include, among others, your IP address, date and time of the server, information regarding the used web browser and the operating system. Logs are recorded and stored on the server.

Data recorded within the logs is not matched with any particular persons using the website, and we do not use the data to identify you.

Server logs are only an auxiliary material used to manage the site, and their contents are not disclosed to anyone other than the persons who are authorised to manage the server.