TABLE OF CONTENTS:
- GENERAL PROVISIONS
- LEGAL FOUNDATION OF PROCESSING PERSONAL DATA
- PURPOSE, LEGAL FOUNDATION, PERIOD AND EXTENT OF PROCESSING PERSONAL DATA IN THE ONLINE SHOP
- RECIPIENTS OF PERSONAL DATA IN THE ONLINE SHOP
- PROFILING IN THE ONLINE SHOP
- RIGHTS OF THE DATA SUBJECT
- COOKIE FILES IN THE ONLINE SHOP, OPERATING DATA AND ANALYTICS
- FINAL PROVISIONS
- GENERAL PROVISIONS
1.1. The present privacy policy of the Online Shop is of informative nature which means it is not a source of responsibilities for the Recipient of Services or the Clients of the Online Shop. The privacy policy contains primarily the rules concerning processing personal data by the Administrator of the Online shop, including the legal foundations, purposes and extent of processing personal data and the rights of data subjects as well as information in terms of applying cookie files and analytical tools in the Online Shop.
1.2. The Administrator of personal data gathered through the agency of the Online Shop is ADAM STĘPIEŃ who conducts economic activity under the company ADAM STĘPIEŃ, registered in the Central Register and Information on Economic Activity of the Republic of Poland supervised by the minister proper on economy matters, having: address where activity is performed: ul. Bocheńska 3 lok. 17, 31-061 Kraków and address of delivery: ul. Lenartowicza 7/4, 31-138 Kraków, tax number: 6762339556, National Business Registry Number: 123144643, e-mail address: [email protected], phone number: 798912433, 535599595 – hereinafter referred to as “Administrator” and concurrently being the Service Provider of the Online Shop and the Seller.
1.3. Personal data in the Online Shop is processed by the Administrator according to the mandatory legal provisions, most notably in compliance with the regulation of the European Parliament and the European Council 2016/679 of 27th April 2016 concerning protection of natural persons in terms of processing personal data and in terms of unrestrained dataflow as well as repeal of directive 95/46/WE (General Data Protection Regulation) hereinafter referred to as “GDPR” or “GDPR Regulation”. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4. Activity in the Online Shop, including making a purchase, is voluntary. Likewise, in relation to the aforementioned, providing personal data by a Recipient of Services or a Client to the Online Shop is voluntary, subject to two exceptions: (1) concluding a contract with the Administrator – not providing data which is necessary to conclude the contract and execute the Sale Contract or the contract of an Online Service with the Administrator in cases and in terms indicated on the Online Shop’s website and in the Terms and Conditions of the Online Shop and the present privacy policy will result in inability to conclude such a contract. Providing personal data in such a case is a contract requirement and if the data subject wishes to conclude a given contract with the Administrator, they are obligated to provide required data. Each time the extent of required data to conclude the contract is presented beforehand on the website of the Online Shop and in the Terms and Conditions of the Online Shop; (2) statutory responsibilities of the Administrator – providing personal data is a contract requirement resulting from universally standing regulations in force which impose on the Administrator an obligation to process personal data (e.g. processing personal data to keep fiscal or account books) and not providing the data will prevent the Administrator from fulfilling such duties.
1.5. The Administrator gives utmost diligence in order to protect the deals of data subjects, he is primarily responsible for and assures that the gathered data is: (1) processed in accordance with law; (2) gathered for designated, lawful purposes and does not undergo further processing inconsistent with those purposes; (3) substantively correct and pertinent against the purposes to which they are processed; (4) stored in such a form that enables to identify data subjects not longer than necessary to obtain processing aims and (5) processing in a way which ensures proper security of personal data, including that against processing that is illicit or repugnant to the law as well as accidental forfeiture, destruction or damage using appropriate technological or organisational means.
1.6. Having regard to the character, extent, context and purposes as well as the risk of violation of rights or freedom of natural persons of varied probability and extent of risk, the Administrator implements appropriate technological and organisational measures so that processing is held in accordance with present regulation and to be able to prove that. Such measures are reviewed and updated if it is required. The Administrator implements technological measures which prevent extraction and modification of online sent data by unauthorised persons.
1.7. Any words, expressions and acronyms in the present privacy policy and beginning with capital letters (e.g. the Administrator, the Online Shop, the Online Service) should be understood as their stated definitions in the Terms and Conditions of the Online Shop which is available to view on the Online Shop websites.
- LEGAL FOUNDATIONS OF PROCESSING PERSONAL DATA
2.1. The Administrator is authorised to process personal data in the cases when – and to the extent when – one of the following conditions is met: (1) the data subject has given consent to process their personal data for one or more stated purposes; (2) processing is essential to conclude the contract of which one party is the data subject or to take measures on demand of the data subject before concluding the contract; (3) processing is essential to fulfil legal duties that are imposed on the Administrator; or (4) processing is essential for purposes resulting from legally validated interests executed by the Administrator or a third party, except for situations when superior to those interests are interests or basic rights and freedom of the data subject that require protection of personal data, especially if the data subject is a child.
2.2. Processing personal data by the Administrator requires each time at least one foundation indicated in point 2.1 of the privacy policy. Specific foundations of processing personal data of Recipients of Services and Clients of the Online Shop by the Administrator are indicated in the subsequent point of the privacy policy – in reference to a specific purpose of processing personal data by the Administrator.
- PURPOSE, FOUNDATION, PERIOD AND EXTENT OF PROCESSING PERSONAL DATA IN THE ONLINE SHOP
3.1. Each time a purpose, foundation, period and extent as well as recipients of personal data processed by the Administrator result from activities undertaken by the Recipient of Services or Client in the Online Shop. As an example, if a Client decides to purchase goods in the Online Shop and selects collection in person instead of courier delivery, their personal data will be processed in order to conclude the Sale Contract but will not be made available to the carrier who executes deliveries commissioned by the Administrator.
3.2. The Administrator may process personal data in the Online Shop in the following purposes, on the following foundations, in the following periods and to the following extent:
Purpose of processing data | Legal foundation of processing and period of storing data | Extent of processing data |
Executing the Sale Contract or Contract of Online Services or taking measures on demand of the data subject before concluding the aforementioned contracts. | Article 6(1)(b) of GDPR Regulation (performance of the contract)
Data is stored within a period necessary to perform or terminate a concluded contract or an expiry in a different way of a concluded contract. |
Maximum extent: name and surname; e-mail address; phone number; address of delivery (street, house number, local number, postcode, city, country), address of residence/place of business/ dwelling (if different than the delivery address).
In case of Recipients of Services or Clients who are not consumers, the Administrator may additionally process name of the company or tax number of the Recipient of Services or Client. The maximum extent is stated – in case of e.g. collection in person it is not necessary to provide address of delivery. |
Marketing | Article 6(1) (a) of GDPR Regulation (consent)
Data is stored up to the moment of withdrawing consent by the data subject for further processing of their data for this purpose. |
Name, e-mail address |
Keeping tax books | Article 6(1) (c) of GDPR Regulation in relation to article 86 § 1 Tax Ordinance i.e. of 17th January 2017 (Journal of Laws of 2017 item 201)
Data is stored within the period ordained by the legal regulations ordering the Administer to store tax books (pending expiry of limitation period of liability unless tax regulations state otherwise) |
Name and surname; address of residence/place of business/dwelling (if different than address of delivery), name of company and tax number of the Recipient of Services or Client. |
Arrangement, vindication or protection of claims that may be imposed on the Administrator | Article 6 (1) (f) GDPR Regulation
Data is stored within the period of legally justified interest performed by the Administrator, not longer than the period of limitation for claims against the data subject, in virtue of the Administrator’s economic activity. The limitation period is determined by the legal regulations, especially in the civil code (the standard limitation period for claims connected with running economic activity is three years, and for sale contract is two years. |
Name and surname; phone number; e-mail address; address of delivery (street, house number, local number, postcode, city, country), address of residence/place of business/dwelling (if different than address of delivery. In case of Recipients of Services or Clients who are not consumers, the Administrator may additionally process name of company and tax number of the Recipient of Services or Client. |
- RECIPIENTS OF PERSONAL DATA IN THE ONLINE SHOP
4.1. For proper functioning of the Online Shop, including execution of concluded Sale Contracts, it is essential to cooperate with external entities (such as for example software supplier, carrier or entities handling payment). The Administrator uses only services from such processing entities which ensure sufficient guarantee of implementing proper technological and organisational means in order for the processing to meet the GDPR Regulation requirements and to protect the rights of data subjects.
4.2. Passing data by the Administrator does not occur in every case and not to every recipient indicated in the privacy policy or consumer category – the Administrator passes data only when it is necessary to perform a given purpose of processing personal data and only to the extent which is necessary to perform it. For example, if a Client selects collection in person, their personal data is not passed to carriers cooperating with the Administrator.
4.3. Personal data of Recipients of Services may be passed to the following recipients or category of recipients:
1.1.1. carriers / forwarders / carrier brokers – in case of a Client who selects delivery of a Product by a mail parcel or courier shipment, the Administrator shares gathered personal data of the Client with the chosen carrier, forwarder or carrier broker on the Administrator’s commission to the extent that is necessary to execute delivery of the Product to the Client.
1.1.2. entities handling online payment or payment by card – in case of a Client who selects online payment or by payment card in the Online Shop, the Administrator shares gathered personal data of the Client to the selected entity that handles the above payments in the Online Shop on the Administrator’s commission to the extent which is necessary to support payment executed by the Client.
1.1.3. service suppliers who provide the Administrator with technological, IT and organisational solutions which enable the Administrator to run his economic activity, including the Online Shop and Online Services provided by him (especially software suppliers enabling handling the Online Shop, e-mail and hosting suppliers as well as suppliers of software which enable to manage the company and provide technological aid to the Administrator) – the Administrator shares gathered personal data of a Client with the selected supplier who operates on his commission only in case and to the extent necessary to execute a given purpose of processing data which is in accordance to the present privacy policy.
1.1.4. suppliers of accounting, legal and advisory services providing the Administrator with accounting, legal or advisory support (especially accounting office, law office or debt collection agency) the Administrator shares gathered personal data of a Client with the selected supplier who operated on his commission only in case and to the extent necessary to execute a given purpose of processing data which is in accordance to the present privacy policy.
- PROFILING IN THE ONLINE SHOP
5.1. The GDPR Regulation imposes on the Administrator a requirement to inform about automated decision making, including profiling, referred to in article 22 (1 and 4) and GDPR Regulation and – at least in these cases – necessary information about decision making and about meaning and estimated consequences of such processing for the data subject. Having regard to this, the Administrator gives in this point of the privacy policy information regarding possible profiling.
5.2. The Administrator may use profiling in the Online Shop for direct marketing purposes but decisions based on it by the Administrator do not pertain to concluding or refusing to conclude a Sale Contract or possibility to use Online Services in the Online Shop. Effects of profiling may, for example, include granting a discount, sending a discount code, reminding about unfinished purchase, sending a proposal of a Product which might suit a person’s interests or preferences or offering better terms in comparison to the standard offer in the Online Shop. Despite profiling, it is such a person’s uncontrolled decision if they wish to use the offered discount or better terms and make a purchase in the Online Shop.
5.3. Profiling in the Online Shop consists in automated analysis or prognosis for a person’s behaviour on the Online Shop website, for example by adding a specific Product to the cart, browsing through a specific product’s website in the Online Shop or by analysing past history of purchase in the Online Shop. A condition for such profiling is acquiring by the Administrator personal data of the person in order to send them e.g. a discount code.
5.4. The data subject has a right not to be liable to a decision which is based exclusively on automated processing, including profiling, and generates legal effect or has a similar impact on them.
- RIGHTS OF THE PERSON CONCERNED
6.1. Right of access, rectification, restriction, erasure or portability – the data subject has a right to demand access to all their personal data, its rectification, erasure (“the right to be forgotten”) or restriction of processing and has a right to object to processing and a right to data portability. Detailed conditions of executing the aforementioned right are indicated in articles 15-21 of GDPR Regulation.
6.2. Right to withdraw consent at any moment – the data subject whose personal data is processed by the Administrator based on a given consent (on the basis of article 6(1)(a) or article 9 (2)(a) of GDPR Regulation), has the right to withdraw consent at any moment without any impact on legality of the processing which has been done before the withdrawal of consent.
6.3. Right to lodge a complaint to a supervisory authority – the data subject whose personal data is processed by the Administrator has a right to lodge a complaint to a supervisory authority in a way and in pursuant to a procedure defined in GDPR Regulation and the Polish law, especially data protection act. The President of the Personal Data Protection Office is the supervisory authority in Poland.
6.4. Right to object – the data subject has a right to object at any moment – because of their specific situation – to processing their personal data based on article 6 (1)(e) (interest or public task) or (f)(legitimate interest of the administrator) including processing based on these regulations. In such a case, the Administrator is no longer allowed to process this personal data unless he indicates evidence of important and lawfully justified legal foundation to process, superior to interests, rights and freedom of the data subject or foundation to determine, enforce or protect legal claims.
6.5. Right to object to direct marketing – if personal data is processed for the purposes of direct marketing, the data subject has a right to object to processing their personal data at any moment for the purposes of such marketing, including profiling to the extent that it is related to such direct marketing.
6.6. In order to perform legitimation referred to in this point of the present privacy policy, the Administrator may be contacted through a proper written message or an e-mail, the address is given in the introduction of the privacy policy or the contact form which is available on the Online Shop website may be used.
- COOKIE FILES IN THE ONLINE SHOP, OPERATING DATA AND ANALYTICS
7.1. Cookie files are small messages in form of a text file, sent by the server and saved on the side of the visitor of the Online Shop (for example on the hard disc of a computer or laptop or on the memory card of a smartphone – depending which device a person uses to visit the Online Shop). Detailed information on cookie files and the history of their origin may be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.
7.2. The Administrator may process data contained in the cookie files while a person visits the Online Shop in the following purposes:
1.1.5. identification of Recipients of Services as logged in the Online Shop;
1.1.6. remembering Products added to cart in order to make an Order;
1.1.7. remembering data from filled Order Forms, questionnaires or login information to the Online Shop;
1.1.8. adjusting the content of the Online Shop to individual preferences of the Recipient of Services (for example concerning the colour, font size, page layout) and optimisation of using the websites of the Online Shop;
1.1.9. conducting anonymous statistics presenting the way of using the websites of the Online Shop;
1.1.10. remarketing, that is studying behaviour features of visitors of the Online Shop through anonymous analysis of their actions (for example: repeated visits to certain pages, key words etc.) in order to create their profiles and provide advertisements suited to their estimated interests, also when they visit other websites within the Google Inc. advertising network and Facebook Ireland Ltd.;
7.3. It is common for most available web browsers to accept saving cookie files by default. Every person has a possibility to determine conditions of use of cookie files in their browsers. It means that it is possible to partly restrict (temporarily for example) or completely turn off the ability to save cookie files – in the latter case in may have an impact on the practicality of some of the functions of the Online Shop (as an example, it may prove impossible to place an Order through the Order Form as it may not save the Products in the cart while going to the next steps in the Form).
7.4. Settings of a web browser in terms of cookie files are relevant when it comes to the consent to use cookie files in our Online Shop – according to the regulations such a consent may also be given in the settings of a web browser. When there is no such consent, settings of a web browser should be adequately changed in terms of cookie files.
7.5. Detailed information on the subject of changing settings concerning cookie files and their removal by oneself in the most popular web browsers are available in the help sections of the browsers and on one of the following websites (just click on a chosen link)
in Chrome browser
in Firefox browser
in Internet Explorer browser
in Opera browser
in Safari browser
in Microsoft Edge browser
7.6. The Administrator may use services of Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA in the Online Shop. Such services help the Administrator to analyse traffic in the Online Shop. The gathered data is processed within the aforementioned services anonymously (they are so called performance data which prevent identification of a person) to generate statistics helpful in administering the Online Shop. Such data is aggregate and anonymous, i.e. it does not contain identifying features (personal data) of the Online Shop’s visitor. By using the aforementioned services, the Administrator gathers such data as source and means of acquiring visitors in the Online Shop and manner of their behaviour on the website of the Online Shop, information about devices and browsers they use to visit the website, IP address and domain, geographical data and demographical data (age, sex) and interests.
7.7. It is possible for a person to block sharing information about activity on the website of the Online Shop with Google Analytics easily – in order to do it, an add-on created by Google Inc. may by installed, available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
7.8. The Administrator may use on the website of the Online Shop services of Pixel Facebook provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator to assess the effectiveness of advertisement and learn what actions visitors undertake in the Online Shop as well as display suitable advertisements. Detailed information about Pixel Facebook may be found on the following website: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
7.9. Management of Pixel Facebook activities is possible through advertisement settings on your account on the Facebook website: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
- FINAL PROVISIONS
8.1. The online shop may contain links to different websites. The administrator advises to acquaint with the established privacy policy upon transferring. The privacy policy hereby presented concerns exclusively the Administrator’s Online Shop.