Using https://shop.bobbiny.com/pl/ and https://wholesale.bobbiny.com/ websites (hereinafter the “Website” or “Websites”) requires the processing of personal data. Any personal data shall be processed in accordance with applicable provisions of law, in particular on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “GDPR”) and the Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000, as amended).
The Controller of your personal data within the meaning of the personal data provisions shall be Tomasz Urbaniak operating a business entered in the Central Electronic Register and Information on Economic Activity kept by the minister competent for the economy, under the name of Tomasz Urbaniak, address: ul. Jana Olbrachta 94A, 01-102 Warszawa, NIP (Tax Identification Number): 5252203113, REGON (Business Statistical Number): 017205074 (hereinafter “ADO” or the “Controller”).
The Controller has not appointed a personal data protection officer.
You may contact the Controller about any issues related to personal data protection by sending an e-mail to the following address: firstname.lastname@example.org.
PURPOSES, LEGAL BASIS AND THE PERIOD OF PERSONAL DATA PROCESSING
The purposes, legal basis and period of personal data processing are indicated separately for each purpose of data processing (see the description of respective purposes of personal data processing below).
The GDPR grants you the following potential rights connected with the processing of your personal data:
- the right of access to personal data,
- the right of correcting personal data,
- the right of deleting personal data,
- the right of restricting personal data processing,
- the right of objecting to the processing of personal data,
- the right of transferring personal data,
- the right of complaining to a supervisory body,
- the right of revoking your consent to the processing of personal data, if you gave such a consent.
Rules applicable to the execution of the above-mentioned rights are described in detail in Articles 16 to 21 of the GDPR. We encourage you to acquaint yourself with these provisions. On our part, we think that we need to explain to you that the rights indicated above are not absolute and you will not be able to exercise them in relation to all activities related to the processing of your personal data. For your convenience, we indicated in the descriptions of separate personal data processing operations your rights in relation to these operations.
If you consider that we breached the personal data protection provisions when processing your personal data, you may submit a complain to the supervisory body (President of the Personal Data Protection Office).
We guarantee the confidentiality of any personal data provided to us. We ensure that all personal data security and protection measures required under the personal data protection provisions have been implemented. Personal data shall be collected with due care and shall be suitably protected against access by unauthorized persons.
Only authorized persons and persons with whom the Controller concluded relevant data entrustment and provision agreements shall have access to personal data. The Controller may provide personal data to entities processing these data on its request, e.g., to our subcontractors, entities providing IT services, marketing agencies and entities authorised to have access to data on the basis of applicable law.
We entrust the provision of personal data in particular to the following entities:
- H88 S.A. (KRS No.: 0000612359) – to store personal data on a server,
- Biuro Rachunkowe Credo Sp.j. – to use accounting services connected with the processing of your data when we issue an invoice to you,
- Zgoda.net sp. z o.o. (KRS No.: 0000536149) – to use IT support services, as a result of which the entity providing the services may gain access to your personal data.
- Paweł Gil, running a business under the name Coolbrand Paweł Gil, address: os. Ogrody 5 premises 77, 27-400 Ostrowiec Świętokrzyski, VAT identification number: 6612300713, REGON 260681435 – to use IT support services, as a result of which the entity providing the services may gain access to your personal data.
All the entities to whom we entrust the processing of personal data guarantee the application of suitable personal data protection and security measures required by the provisions of law.
Your personal data shall not be transferred to any countries outside the European Union or to international organizations, except for situations where it is required by applicable provisions of law. In the event of data transfer to third countries (outside the EU), the Controller shall apply suitable measures to ensure the security of your personal data.
PROCESSING PURPOSES AND ACTIVITIES
When setting up a user account, you must provide your e-mail address and define a password to your account. The provision of your data is voluntary, yet necessary to set up an account. The user profile edition enables you providing your further data, i.e., first name and surname, settlement address and delivery address. The provisions of these data is completely voluntary. You can have an account without providing these further data. In such an event, you will have to enter these data manually when making an order.
The user account data entered by you shall be processed exclusively to maintain the account and make it possible for you to use it. The purpose of providing user account data shall be to facilitate placing orders by you at the shop by automatically filling in the order form.
The legal basis for the processing of your personal data related to the user account shall be the execution of the account maintenance agreement that you conclude on the basis of the shop regulations – Article 6, item 1, letter b of the GDPR.
The data collected on the user account shall be processed by the system of bobbiny.com e-shop based on PrestaShop.
Your account data shall be processed as long as you have a user account. Once the account is deleted, your data shall be deleted from the database, except for data on placed orders.
You may gain access to your personal data processed within the account at any time by logging on to your user account. After logging on to your account, you may modify or delete your data at any time, except for data on placed orders. You may also decide to delete your account at any time.
With regard to data collected on your user account, you shall also be entitled to transfer the data referred to in Article 20 of the GDPR.
When placing an order, you must provide data necessary to complete the order, i.e., first name and surname, settlement address, delivery address, e-mail address, phone number. The provision of these data is voluntary, yet necessary to place an order.
The data provided to us in connection with an order shall be processed to complete the order (Article 6, item 1, letter b of the GDPR), issue an invoice (Article 6, item 1, letter c of the GDPR), include the invoice in our accounting documentation (Article 6, item 1, letter c of the GDPR) and for archiving and statistical purposes (Article 6, item 1, letter f of the GDPR).
The data contained in the order shall be processed by the system of bobbiny.com e-shop based on PrestaShop.
If you have a user account, your order shall be displayed in the order history of your account.
Each order shall be documented with an invoice. Invoices shall be transferred to an accounting office.
Orders shall also be entered into our internal database for archiving and statistical purposes.
Data on an order shall be processed for a period of time necessary to complete the order, and then until the lapse of the limitation period under the concluded agreement. Furthermore, after the lapse of this period, we may still process the data for statistical purposes. Please remember also that we are obliged to store invoices containing your personal data for a period of 5 years following the end of the tax year in which the tax obligation arose.
Regarding data on orders, you shall not be able to correct these data after a given order has been completed. It shall not be possible for you either to object to data processing or demand data deletion until the lapse of the limitation period under the concluded agreement. Similarly, you may not object to the processing or demand the deletion of data contained in invoices. After the lapse of the limitation period under a concluded agreement, you may however object to the processing of your data by us for statistical purposes and demand the deletion of your data from our database.
With regard to data on orders, you shall also be entitled to transfer the data referred to in Article 20 of the GDPR.
COMPLAINTS AND TERMINATION
When making a complaint or terminating an agreement, you provide us with personal data contained in the complaint or termination statement, i.e., your first name and surname, address of residence, phone number, e-mail address and bank account number.
Data provided to us in connection with making a complaint or terminating an agreement shall be used to carry out the complaint procedure or agreement termination procedure (Article 6, item 1, letter c of the GDPR).
The data shall be processed for a period of time necessary to complete the complaint procedure or termination procedure. Complaints and agreement termination statements may also be archived for statistical purposes.
You may not correct data contained in complaints and agreement termination statements. It shall not be possible for you either to object to data processing or demand data deletion until the lapse of the limitation period under the concluded agreement. After the lapse of the limitation period under the concluded agreement, you may however object to the processing of your data by us for statistical purposes and demand the deletion of your data from our database.
By contacting us via electronic mail, including by sending a request using the contact form, you automatically provide us with your e-mail address as the address of the sender of the message. Additionally, the text of your message may also contain other personal data.
In this case, your contact data shall be processed in order to contact you, and the legal basis for the processing shall be the provisions of Article 6, item 1, letter a of the GDPR, i.e., your consent resulting from contacting us. The legal basis of processing after the communication ceases shall be the legitimate purpose, i.e., archiving of correspondence for internal needs (Article 6, item 1, letter c of the GDPR).
The content of the correspondence may be archived and we are not able to unequivocally determine when it will be deleted. You shall have the right to demand to be presented with the history of your correspondence with us (if subject to archiving) and to demand its deletion, unless its archiving is justified by our overriding interests, e.g., protection against your possible claims.
In order to subscribe to our Newsletter, it shall be necessary to provide the e-mail address and your first name via the Newsletter subscription form. The provision of your data is voluntary, yet necessary to subscribe to the Newsletter.
Data provided in order to subscribe to the Newsletter shall be used to send the Newsletter, and the legal basis for their processing shall be the user's consent (Article 6, item 1, letter a of the GDPR) given when subscribing to the Newsletter.
The data shall be processed during the time when the Newsletter functions. You may also resign from receiving the Newsletter at any time. Resignation from receiving the Newsletter shall not result in deletion of your data from the database – they shall still be stored in the mailing system for protection against possible claims connected with sending the Newsletter, in particular for the needs of proving that you gave your consent to receiving the Newsletter, which constitutes the legitimate interest of the Controller (Article 6, item 1, letter f of the GDPR).
The Controller shall be a joint controller of your personal data processed within accounts/profiles/fanpage maintained by the Controller in social media, in particular hello_bobbiny account on Instagram, Bobbiny fanpage on Facebook, hello_bobbiny account on Tik Tok and Bobbiny account on Pinterest.
The personal data provided by you in connection with using the said accounts/profiles/fanpage shall be processed for the purpose of administering and managing the accounts/profiles/fanpage, answering to posts and comments published by you and supervising the content published by users, contacting you and sending you marketing materials, based on the legitimate interest of the Controller (Article 6, item 1, letter f of the GDPR).
The data shall be processed for a period of time necessary to fulfil the processing purposes indicated above, in particular in a period when you are the active user of the account/profile/fanpage or until you object to data processing.
The owners of respective social media portals as joint controllers of your personal data may process your data for their own purposes, based on other legal bases. The rules of personal data processing by these entities are described in their privacy policies.
ADDING PHOTOS OR VIDEOS
In order to add a photo or a video on the Website, you must provide your first name and e-mail address. The provision of your data shall be voluntary, yet necessary to publish materials on the Website. Your personal data may also be contained in the materials you are adding.
We shall process your data on the basis of your consent given by adding materials on the Website (Article 6, item 1, letter a of the GDPR). The data shall be processed until you revoke your consent.
The Website may contain links to websites, plugins and applications of external companies. If you decide to visit such external websites using these links/applications/plugins, operators of these sites may collect or share information about you.
AUTOMATIC PROCESSING AND PROFILING
Your personal data may be subject to automatic processing, including profiling, in order to match the website’s content with your personal preferences and interests. Based on the information concerning the products you have chosen, promotions you have used and materials you have viewed on the Website, the Controller may – on the basis of your consent – present an automatic personalized offer of products and services to you. Neither automatic processing nor profiling shall have any legal effects or significantly affect your situation.
COOKIES AND OTHER TRACKING TECHNOLOGIES
Cookies are small pieces of text information stored at your end device (e.g., a computer, tablet, smartphone), which can be read by our computer system.
Cookies can be divided into first-party cookies and third-party cookies.
CONSENT TO COOKIES
We use first-party cookies to ensure the website’s correct functioning.
Our website, just like most websites nowadays, uses functions provided by third parties, which requires the use of third-party cookies. The use of this type of cookies is described below.
ANALYSIS AND STATISTICS
We use marketing tools, such as Facebook Pixel, to send you advertisements. This is connected with the use of Facebook cookies. The cookies settings enable you deciding whether to give your consent to using Facebook's Pixel by us in your case or not.
We use Google AdWords remarketing tools. This is connected with the use of Google LLC cookies for the Google AdWords service. The mechanism of managing cookies settings enables you deciding whether we will also be able to use Google AdWords in your case or not.
ADDING MATERIALS ON THE WEBSITE
We use the Pixlee plugin to enable you publishing your materials on the Website. This is connected with the use of Pixlee, Inc. cookies.
The use of the website is connected with sending requests to the server on which the website is stored. Each request addressed to the server is saved in the server logs.
The logs contain, among others, your IP address, the server’s date and time, information about the Internet browser and the operating system used by you. Logs are saved and stored on the server.
Data saved in logs are not related to specific persons using the website and are not used by us to identify you.
Server logs constitute only auxiliary materials used to manage the website, and their content is not disclosed to anyone except persons authorized to manage the server.
Last updated: 02.07.2021