GENERAL PROVISIONS GROUNDS FOR DATA PROCESSING PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE DATA RECEIVERS IN THE ONLINE STORE PROFILING IN THE ONLINE STORE THE RIGHT OF A PERSON WHO THE DATA CONCERNS COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS FINAL PROVISIONS
1.2. The administrator of personal data collected via the Online Store is Maria Szumna conducting business under the name Maria Szumna “Zielony Smok” entered into the Central Register and Information on Economic Activity of the Republic of Poland conducted by the minister responsible for economy, having: address of the place of business and delivery address: ul. Ludwika Rydygiera, No. 25 / LU 13, 30-695 Kraków,, NIP 9451547343 REGON 9451547343, e-mail address: email@example.com, contact phone number: 530-448-440 – hereinafter referred to as the “Administrator” and being at the same time the Store’s Service Provider Internet and the Seller.
1.3. Personal data in the Online Store is processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection) – hereinafter referred to as “RODO” or “RODO Regulation”. The official text of the RODO Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
1.5.The Administrator shall exercise special diligence to protect the interests of persons whose personal data they process concerns, and in particular is responsible and ensures that the data collected by them is: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) kept in a form that permits the identification of persons whom they concern, no longer than it is necessary to achieve the purpose of processing, and (5) processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.
1.6. Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different probabilities and seriousness of risk, the Administrator shall implement appropriate technical and organizational measures for processing in accordance with this Regulation and to be able to prove it. These measures shall be reviewed and updated where necessary. The administrator uses technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.
GROUNDS FOR DATA PROCESSING
2.1. The Administrator is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has consented to the processing of his personal data in one or more specific goals; (2) processing is necessary for the performance of a contract to which the data subject is party or take action at the request of the data subject prior to the conclusion of the contract; (3) processing is necessary to fulfill the legal obligation of the Administrator; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Administrator or by a third party, except when the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, prevail over those interests , in particular when the data subject is a child.
PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
3.1. Each time, the purpose, basis, period and scope of, and recipients of personal data processed by the Administrator results from actions taken by a given Customer or Client in the Online Store. For example, if the Customer decides to make purchases in the Online Shop and selects a personal collection of the purchased Product instead of a courier parcel, his personal data will be processed in order to execute the concluded Sales Agreement, but they will no longer be made available to the carrier performing the shipment at the request of the Administrator.
DATA RECEIVERS IN THE ONLINE STORE
4.1.For the proper functioning of the Online Store, including for the implementation of Sales Agreements concluded, it is necessary for the Administrator to use the services of external entities (such as, for example, software vendor, courier or payment processor). The administrator uses only the services of such processors who provide sufficient guarantees to implement the appropriate technical and organizational measures, so that the processing meets the requirements of the Regulation of the GDPR and protects the rights of the data subjects.
4.3. Personal data of Customers and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
4.3.1.przewoźnicy / forwarders / courier brokers – in the case of a Customer who uses the Online Store with the method of delivery of the Product by post or courier, the Administrator provides the Customer’s collected personal data to the selected carrier, forwarder or agent performing the shipment at the request of the Administrator to the extent necessary to deliver the Product to the Customer.
4.3.2. Entities servicing electronic payments or by credit card – in the case of a Customer who uses the Online Store with the electronic payment method or payment card, the Administrator provides the Customer’s collected personal data to a selected entity servicing the above payments in the Online Store at the request of the Administrator to the extent necessary to service payments made by the client.
4.3.3.conductors / lessors – in the case of a Customer who uses the online store payment method in the installment system or leasing payment, the Administrator provides the collected personal customer data to the selected lender or the lessor servicing the above payments in the Online Store at the request of the Administrator to the extent necessary handling payments made by the client.
4.3.4. Providers of the opinion-giving survey system – in the case of the Customer who agreed to express an opinion on the concluded Sales Agreement, the Administrator provides the Customer’s collected personal data to the selected entity providing a system of surveys expressing the concluded Sales Agreement in the Online Store on the Administrator’s request to the extent necessary to express by the client’s opinion through the system of opinion polls.
PROFILING IN THE ONLINE STORE
5.2. The Administrator may use profiling for direct marketing purposes in the Online Store, but the decisions made on its basis by the Administrator do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services in the Online Store. The effect of using profiling in the Online Store may be, for example, granting a given person a rebate, sending a rebate code, reminding about unfinished purchases, submitting a Product proposal that may correspond to the interests or preferences of a given person, or offering better terms compared to the standard offer of the Online Store . Despite profiling, a given person makes a free decision whether he will want to use the rebate received in this way, or better conditions and make a purchase in the Online Store.
5.3.Profiling in the Online Store consists in the automatic analysis or forecast of a given person’s behavior on the Online Store website, eg by adding a specific Product to the basket, browsing a specific Product page in the Online Store, or by analyzing the previous history of purchases in the Online Store. The condition of such profiling is the Administrator having personal data of a given person in order to be able to send it, eg a discount code.
5.4. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and has legal effects or substantially affects the person.
THE RIGHT OF A PERSON WHO THE DATA CONCERNS
6.1. Access, rectification, restriction, deletion or transfer – the data subject has the right to request the Administrator to access their personal data, rectify them, delete (“the right to be forgotten”) or limit the processing and has the right to bring opposition to processing, and has the right to transfer your data. Detailed conditions for the exercise of the abovementioned rights are indicated in art. 15-21 of the GDPR Regulation.
6.2. Right to withdraw consent at any time – a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to Article 6 paragraph 1 letter a) or art. 9 par. 2 lit. a) Regulation of the GDPR), it has the right to withdraw consent at any time without affecting the lawfulness of the processing, which was made on the basis of consent before its withdrawal.
6.3. The right to lodge a complaint to the supervisory body – a person whose data is processed by the Administrator, has the right to lodge a complaint to the supervisory body in the manner and mode specified in the provisions of the Regulation of the GDPR and Polish law, in particular the Act on the Protection of Personal Data. The supervisory body in Poland is the President of the Office for Personal Data Protection.
6.4. Right to object – the data subject has the right to object at any time – for reasons related to his particular situation – to the processing of his personal data based on art. 6 par. 1 lit. e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the administrator may no longer process such personal data unless he demonstrates the existence of valid legally valid grounds for processing that override the interests, rights and freedoms of the data subject, or the grounds for determining, investigating or defending claims.
6.5. Right to object to direct marketing – if personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his personal data for such marketing purposes, including profiling, in the scope in which the processing is related to such direct marketing.
COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS
7.1. Cookies (cookies) are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website of the Online Store (eg on the hard drive of the computer, laptop or on the smartphone’s memory card – depending on which devices are used by visitors to our Online Shop). Detailed information about cookies as well as the history of their creation can be found, among others here: http://en.wikipedia.org/wiki/City.
7.2. The Administrator may process data contained in Cookies when users use the Online Store for the following purposes:
7.2.1 identification of the Registered Users as logged in to the Online Store and showing that they are logged in;
7.2.2. Remembering Products added to the basket in order to place an Order;
7.2.3 storing data from completed Order Forms, surveys or login details to the Online Store;
7.2.4 adaptation of the content of the Online Store website to the individual preferences of the Service Recipient (eg regarding colors, font size, page layout) and optimization of the use of the Online Store websites;
7.2.5.creating anonymous statistics showing the manner of using the Online Store website;
7.2.6. Remarketing, that is, research on the behavior of visitors to the Online Store through anonymous analysis of their activities (eg repeated visits to specific websites, key words, etc.) in order to create their profile and provide them with advertisements tailored to their expected interests, including when they visit other websites on the Google Inc. Display Network and Facebook Ireland Ltd.
7.3.Standardly most of the web browsers available on the market by default accept saving cookies. Everyone has the possibility to define the terms of using cookies using the own browser’s settings. This means that you can, for example, partially restrict (eg temporarily) or completely disable the option of saving cookies – in the latter case, however, it may affect some functionalities of the Online Store (for example, it may not be possible to pass the order path through the Order Form due to for not memorizing the Products in the basket during the next steps of submitting the Order).
7.5. Detailed information on changing cookies settings and their self-removal in the most popular web browsers are available in the help section of the web browser and on the following pages (just click on the link):
in the Chrome browser
in the Firefox browser
in Internet Explorer
in the Opera browser
in the Safari browser
in the Microsoft Edge browser
7.6.The Administrator may use the Google Analytics services provided by Google Inc. in the Online Store. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) and from the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland). These services help the Administrator analyze the traffic in the Online Store. The data collected is processed as part of the above services in an anonymised way (these are so-called operating data that prevent the person from being identified) to generate statistics helpful in administering the Online Store. These data are aggregate and anonymous in nature, i.e. they do not contain identification features (personal data) of visitors to the Online Store website. Administrator using the above services in the Online Store collects such data as the source and medium of obtaining visitors to the Online Store and how to store them on the Online Store website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age , sex) and interests.
7.7.It is possible to easily block information about its activity on the Online Store’s website by a given person – to this end, you can install a browser plug-in provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=en