§1 General provisions
-
This document is an appendix to the Regulations. By using our services, you entrust us with your information. This Privacy Policy serves only as an aid in understanding what information and data is collected and for what purpose and what we use it for. This data is very important to us, so please read this document carefully as it defines the rules and methods of processing and protecting personal data. This document also defines the rules for the use of "cookies"
-
We hereby declare that we comply with the principles of personal data protection and all legal regulations provided for by the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing personal data and on the free movement of such data, and repealing Directive 95/46/EC.
-
The person whose personal data is processed has the right to contact us in order to obtain comprehensive information on how we use his personal data. We always try to inform in a clear way about the data we collect, how we use them, what purposes they are to be used for and to whom we transfer them, what protection we provide for this data when transferring it to other entities and we provide information about institutions to be contacted in case of doubt
-
The website uses technical measures such as: physical protection measures for personal data, hardware measures of IT and telecommunications infrastructure, protection measures as part of software tools and databases, and organizational measures ensuring proper protection of personal data being processed, and in particular they protect personal data against disclosure to unauthorized third parties , obtaining by an unauthorized person and using them for an unknown purpose, as well as accidental or intentional change, loss, damage or destruction of such data.
-
On the terms set out in the Regulations and in this document, we have exclusive access to data. Access to personal data may also be entrusted to other entities through which payments are made, which collect, process and store personal data in accordance with their Regulations and entities that are tasked with the execution of the order. Access to personal data is granted to the above-mentioned entities to the extent necessary and only to those that will ensure the provision of services.
-
Personal data is processed only for the purposes for which you have consented by clicking on the appropriate fields of the form on the Website or in another clear way. The legal basis for the processing of your personal data is consent to data processing or the requirement to perform the service (e.g. ordering a Product) that you ordered from us (pursuant to Article 6(1)(a) and (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR.
§2 Privacy rules
-
We take privacy seriously. We are characterized by respect for privacy and the fullest possible and guaranteed comfort of using our services.
-
We value the trust that Users place in us by entrusting us with their personal data in order to complete the order. We always use personal data in a fair manner and so as not to disappoint this trust, only to the extent necessary to complete the order, including its processing.
-
You have the right to receive clear and complete information about how we use your personal data and for what purposes it is needed. We always clearly inform about the data we collect, how and to whom we transfer it, and we provide information about the entities to be contacted in case of doubts, questions, comments.
-
In case of doubts regarding the use of the User's personal data by us, we will immediately take action to clarify and dispel such doubts, we answer all related questions in a full and exhaustive manner.
-
We will take all reasonable steps to protect Users' data against improper and uncontrolled use and secure it in a comprehensive manner.
-
Data Administrator of your personal data can be found in the "contact" tab located on the website
-
The legal basis for the processing of your personal data is art. 6 sec. 1 lit. b) GDPR. Providing data is not mandatory, but necessary to take appropriate steps prior to the conclusion of the contract and its implementation. We will transfer your personal data to other recipients entrusted with the processing of personal data on behalf of and for us. Your data will be transferred on the basis of art. 6 sec. 1 lit. f) GDPR, where the legitimate interest is the proper performance of contracts/orders. In addition, we will share your personal data with other business partners. We store the collected personal data within the European Economic Area ("EEA"), but it may also be transferred to a country outside this area and processed there. Each operation of transferring personal data is performed in accordance with applicable law. If data is transferred outside the EEA, we use Standard Contractual Clauses and the Privacy Shield as safeguards for countries for which the European Commission has not determined an adequate level of data protection.
-
Your personal data related to the conclusion and performance of the contract for the performance of contracts will be processed for the period of their implementation, as well as for a period not longer than provided for by law, including the provisions of the Civil Code and the Accounting Act, i.e. no longer than for 10 years, counting from the end of the calendar year in which the last contract was performed.
-
Your personal data processed for the purpose of concluding and performing future contracts will be processed until an objection is raised.
-
You have the right to: access your personal data and receive a copy of the personal data subject to processing, correct your incorrect data; request deletion of data (right to be forgotten) in the event of circumstances provided for in art. 17 GDPR; request limitation of data processing in the cases indicated in art. 18 of the GDPR, to object to the processing of data in the cases indicated in art. 21 of the GDPR, to transfer the data provided, processed in an automated manner.
-
If you believe that personal data is being processed unlawfully, you can lodge a complaint with the supervisory authority (Office for Personal Data Protection, ul. Stawki 2, Warsaw). If you need additional information related to the protection of personal data or want to exercise your rights, please contact us by post to the correspondence address.
-
We make every effort to protect against unauthorized access, unauthorized modification, disclosure and destruction of information in our possession. Especially:
-
We control the methods of collecting, storing and processing information, including physical security measures to protect against unauthorized access to the system.
-
We grant access to personal data only to those employees, contractors and representatives who must have access to it. In addition, under the contract, they are obliged to maintain strict confidentiality, to enable us to control and check how they fulfill their duties, and in the event of failure to fulfill these obligations, they may suffer consequences.
-
We will comply with all applicable data protection laws and regulations and we will cooperate with data protection and law enforcement authorities. In the absence of data protection regulations, we will act in accordance with generally accepted data protection principles, principles of social coexistence and established customs.
-
The exact method of personal data protection is included in the personal data protection policy (ODO: security policy, personal data protection regulations, IT system management manual) For security reasons, due to the procedures described therein, it is available only for state control authorities
-
If you have any questions about how we handle personal data, please contact us via the page from which the user was redirected to this Privacy Policy. The request for contact will be immediately forwarded to the appropriate person appointed for this purpose.
-
You always have the right to notify us if:
-
no longer wishes to receive information or messages from us in any form;
-
would like to receive a copy of your personal data that we hold;
-
correct, update or delete your personal information in our records;
-
would like to report violations, improper use or processing of their personal data.
-
In order to make it easier for us to respond or respond to the information provided, please provide your name and further details.
§3 Scope and purpose of collecting personal data
-
We process the necessary personal data in order to provide services and for accounting purposes, and only for such purposes, i.e.:
-
in order to place an order,
-
in order to conclude a contract, make a complaint and withdraw from the contract,
-
issuing a VAT invoice or other receipt
-
monitoring traffic on our websites;
-
collecting anonymous statistics to determine how users use our website;
-
determining the number of anonymous users of our pages
-
controlling how often selected content is shown to users and what content is most common;
-
controlling how often users choose a given service or from which service contact is made most often;
-
examining subscriptions to newsletters and contact options;
-
using a system of personalized recommendations for e-commerce;
-
using the tool for communication both by e-mail and, consequently, by telephone;
-
integration with the community portal;
-
possible online payments.
-
We collect, process and store the following user data:
-
first name and last name,
-
address,
-
delivery address (if different from home address),
-
tax identification number (NIP),
-
e-mail address (e-mail),
-
telephone number (mobile, landline)
-
date of birth,
-
PESEL,
-
information about the web browser used
-
other voluntarily provided personal data.
-
Providing the above data is completely voluntary, but also necessary for the full implementation of the services.
-
Purpose of collecting and processing or using data by us:
-
direct marketing, archival purposes of advertising campaigns
-
performance of obligations imposed by law by collecting information about undesirable activities;
-
We may transfer personal data to servers located outside the country of residence of the user or to affiliated entities, third parties based in other countries, including countries in the EEA (European Economic Area, EEA - Free Trade Area and Common Market , including European Union and European Free Trade Association EFTA countries) for the purpose of processing personal data by such entities on our behalf in accordance with the provisions of this Privacy Policy and applicable laws, customs and regulations regarding data protection
-
We store your personal data no longer than they are needed for the proper quality of service and, depending on the mode and purpose of obtaining them, we store them for its duration and after its completion for the purposes of:
-
performance of obligations arising from the law, tax and accounting regulations;
-
preventing fraud or crime;
-
statistical and archiving.
-
Marketing activities - for the duration of the contract, granting a separate consent to the processing of such data - until the completion of activities related to transaction handling, you object to such processing or withdrawal of consent.
-
Sales-related and promotional activities - e.g. contests, promotional campaigns - for the duration and settlement of such campaigns.
-
Operational activity - until the obligations imposed by the GDPR Regulation and the relevant national regulations expire, in order to demonstrate reliability in the processing of personal data
-
pursuing any claims related to the concluded contract;
-
Bearing in mind the fact that many countries to which this personal data is transferred do not have the same level of legal protection of personal data as in the user's country. Your personal data stored in another country may be accessed in accordance with the laws of that country, for example: courts, law enforcement and national security authorities, in accordance with the laws in force in that country. Subject to lawful requests for data disclosure, we undertake to require entities processing personal data outside the user's country to take measures to protect data in a manner adequate to the regulations of their national law.
§4 "Cookies" Policy
-
We automatically collect information contained in cookies in order to collect User data. A cookie file is a small piece of text that is sent to the User's browser and which the browser sends back the next time he visits the website. They are mainly used to maintain the session, e.g. by generating and sending back a temporary identifier after logging in. We use "session" cookies stored on the User's end device until logging out, turning off the website or turning off the web browser, and "permanent" cookies stored on the User's end device for the time specified in the cookie file parameters or until they are deleted by the User.
-
Cookies adjust and optimize the website and its offer for the needs of Users through activities such as creating statistics of page views and ensuring security. Cookies are also necessary to maintain the session after leaving the website.
-
The administrator processes the data contained in cookie files each time the website is visited by visitors for the following purposes:
-
optimizing the use of the website;
-
identification of Service Recipients as currently logged in;
-
adaptation, graphics, selection options and any other content of the website to the individual preferences of the Service Recipient;
-
remembering automatically and manually supplemented, posted data from Order Forms or login data provided by the visitor;
-
collecting and analyzing anonymous statistics showing how the website is used in the administration panel and google analytics
-
creating remarketing lists based on information about preferences, behavior, how you use the Website, interests and collecting demographic data, and then sharing these lists in AdWords and Facebook Ads.
-
creating data segments based on demographic information, interests, preferences in the selection of viewed products/services.
-
the use of demographic and interest data in Analytics reports.
-
The user can completely block and delete the collection of cookies at any time using his web browser.
-
Blocking by the User of the possibility of collecting cookies on his device may make it difficult or impossible to use some functionalities of the website, to which the User is fully entitled, but in such a situation he must be aware of the functional limitations.
-
A user who does not want to use "cookies" for the purpose described above may delete them manually at any time. To read the detailed instructions on how to proceed, visit the website of the manufacturer of the web browser used by the User.
-
More information on cookies is available in the help menu of each web browser. Examples of web browsers that support the aforementioned "cookies":
-
Cookie settingsInternet Explorer
-
Cookie settingsChrome
-
Cookie settingsFirefox
-
Cookie settingsOpera
-
Cookie settingsSafari
-
Cookies inAndroid
-
Cookies inBlackberry
-
Cookies iniOS (Safari)
-
Cookies inWindows phone
§5 Rights and obligations
-
We have the right, and in cases specified by law, also the statutory obligation to provide selected or all information regarding personal data to public authorities or third parties who submit such a request for information on the basis of applicable provisions of Polish law.
-
The User has the right to access the content of his personal data that he provides, the User may correct and supplement this data at any time, and has the right to request that it be removed from its databases or cease to be processed, without giving any reason. In order to exercise their rights, the User may at any time send a relevant message to the e-mail address or in another way that will provide/transmit such a request.
-
The processing of personal data of natural persons who are our clients is based on:
-
justified interest as a data controller (e.g. in the scope of creating a database, analytical and profiling activities, including activities regarding the analysis of product use, direct marketing of own products, securing documentation for the purpose of defending against possible claims or for the purpose of pursuing claims)
-
consent (including, in particular, consent to e-mail marketing or telemarketing)
-
performance of the concluded contract
-
legal obligations (e.g. tax law or accounting regulations).
-
The processing of personal data of natural persons who are potential customers is based on:
-
justified interest of the data controller (e.g. in the scope of creating a database, direct marketing of own products)
-
consent (including, in particular, consent to e-mail marketing or telemarketing)
-
The User's request to delete personal data or to stop processing them may result in a complete inability to provide services or their serious limitation
-
We attach particular importance to the issue of profiling and point out that:
-
for the purposes of profiling, we usually process data that was previously subject to ssl encryption;
-
we use typical data for this: e-mail address and IP address or cookies
-
we profile in order to analyze or forecast personal preferences and interests of people using our Websites or products or services and matching the content on our Websites or products to these preferences
-
we profile for marketing purposes, i.e. matching the marketing offer to the above preferences.
-
We undertake to act in accordance with applicable laws and rules of social coexistence.
-
Information on out-of-court settlement of consumer disputes. The authorized entity within the meaning of the Act on out-of-court settlement of consumer disputes is the Financial Ombudsman, whose website address is as follows: www.rf.gov.pl.
§6 Basic safety rules
-
Each user should take care of their own data security and the security of their devices that are used to access the Internet. Such a device should absolutely have an anti-virus program with a regularly updated database of definitions, types and types of viruses, a safe version of the web browser it uses and an enabled firewall. The user should check whether the operating system and the programs installed on it have the latest and compatible updates, because the attacks use errors detected in the installed software.
-
Access data to services offered on the Internet - e.g. logins, passwords, PIN, electronic certificates, etc. - should be secured in a place inaccessible to others and impossible to hack from the Internet. They should not be disclosed or stored on the device in a form that allows unauthorized access and reading by unauthorized persons.
-
Be careful when opening strange attachments or clicking links in e-mails that we did not expect, e.g. from unknown senders or from the spam folder.
-
It is recommended to run anti-phishing filters in the web browser, i.e. tools that check whether the displayed website is authentic and is not used for phishing, e.g. by impersonating a person or institution.
-
Files should be downloaded only from trusted places, services and pages. We do not recommend installing software from unverified sources, especially from unknown publishers with unverified reviews. This also applies to mobile devices, e.g. smartphones, tablets.
-
When using your home Wi-Fi wireless network, you should set a password that is safe and difficult to crack, it should not be any pattern or string of characters that is easy to guess (e.g. street name, host name, date of birth, etc.). It is also recommended to use the highest possible encryption standards for Wi-Fi wireless networks, which are possible to run on your equipment, e.g. WPA2
§7 Using Social Media plugins
-
So-called plug-ins of the social networks facebook.com and Twitter and others may be present on our pages. The related services are provided by Facebook Inc. respectively. and Twitter Inc.
-
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook. To see Facebook plugins go to: https://developers.facebook.com/docs/plugins
-
Twitter is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. To view Twitter plugins go to: https://dev.twitter.com/web/tweet-button
-
The plug-in only provides its provider with information about which of our websites you have accessed and at what time. If, while viewing our website or staying on it, the user is logged in to his account located, for example, on Facebook or Twitter, the provider is able to combine your interests, information preferences, and other data, obtained, for example, by clicking the Like button or leaving comment, or entering the name of the profile in the search. Such information will also be transferred by the browser directly to the provider.
-
More detailed information on the collection and use of data by Facebook or Twitter and on the protection of privacy can be found on the following pages:
-
Data protection/privacy advice issued by Facebook: http://www.facebook.com/policy.php
-
Data protection/privacy advice issued by Twitter: https://twitter.com/privacy
-
To avoid your visit to your selected user account being recorded by Facebook or Twitter on our website, you must log out of your account before you start browsing our websites.
Copyright notice to the Regulations
The owner of all material copyrights to the pattern of this policy is the LEGATO Law Firm, which has granted the non-exclusive and non-transferable right to use this document for purposes related to its own commercial activity on the Internet and extends legal protection to the above-mentioned document for the duration of the contract. Copying and dissemination of the template of this document without the consent of the LEGATO Law Firm is prohibited and may be subject to both criminal and civil liability. Online sellers can learn more about the possibility of using the privacy policy pattern and cookies on the websitehttp://www.kancelaria-legato.pl