§1 General provisions
1. This document is an appendix to the Regulations. When you use our services, you entrust us with your information. This Privacy Policy serves only as an aid to understanding what information and data is collected and for what purpose and what we use it for. This data is very important to us, so please read this document carefully as it sets out the principles and ways of processing and protecting personal data. This document also sets out the rules for the use of “Cookies”.
2. We hereby declare that we comply with the principles of personal data protection and all legal regulations provided by the Personal Data Protection Act and the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC.
3. The person whose personal data is processed has the right to ask us for comprehensive information on how we use his/her personal data. We always make a clear effort to inform you about the data we collect, how we use it, what purposes it is intended to serve and to whom we transfer it, what protection we provide for this data when it is transferred to other entities, and provide information on the institutions to contact in case of doubt.
4. The Service shall apply technical measures such as: physical protection measures for personal data, hardware measures for IT and telecommunications infrastructure, protection measures within the framework of software tools and databases, and organizational measures to ensure adequate protection of processed personal data, and in particular to protect personal data from being made available to unauthorized third parties, from being obtained by an unauthorized person and used for an unknown purpose, as well as from accidental or intentional alteration, loss, damage or destruction of such data.
5. Under the terms of the Regulations and this document, we have exclusive access to the data. Access to personal data may also be entrusted to other entities through which payments are made, which collect, process and store personal data in accordance with their Terms and Conditions, and entities tasked with processing orders. Access to personal data is granted to the aforementioned entities to the extent necessary and only to the extent necessary to ensure the performance of services.
6. Personal data shall be processed only for such purposes for which you have given your consent by clicking on the relevant fields of the form provided on the Website or in any other explicit manner. The legal basis for the processing of your personal data is your consent to the processing of data or the requirement to perform the service (e.g. ordering a Product) that you have ordered from us (pursuant to Article 6, paragraph. 1 lit. a and b of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) – RODO.
§2 Privacy rules
1. We take privacy seriously. We are characterized by respect for privacy and the fullest possible and guaranteed convenience in the use of our services.
2. We value the trust that Users place in us by entrusting us with their personal information for the purpose of order processing. We always use personal data fairly and in such a way as not to disappoint that trust, only to the extent necessary to fulfill the order including its processing.
3. You have the right to receive clear and complete information about how we use your personal data and for what purposes. We always clearly inform about the data we collect, how and to whom we provide it, and provide information about the entities to contact in case of concerns, questions, comments.
4. If you have any doubts about our use of your personal information, we will promptly take measures to clarify and resolve such doubts, we will fully and completely answer all questions in this regard.
5. We will take all reasonable measures to protect Users’ data from improper and uncontrolled use and secure it comprehensively.
6. Data Administrator of your personal data can be found on the “contact” tab located on the website.
7. The legal basis for processing your personal data is Art. 6 ust. 1 lit. b) RODO. Provision of data is not mandatory, but it is necessary in order to take appropriate actions prior to the conclusion of the contract and its implementation. We will transfer your personal data to other recipients entrusted with the processing of personal data on our behalf and for our benefit. Your data will be transferred on the basis of Art. 6 ust. 1 lit. f) RODO, where the legitimate interest is the due performance of contracts/orders. In addition, we will share your personal data with other business partners. We store the collected personal data in the European Economic Area (“EEA”), but it may also be transferred to a country outside the EEA and processed there. Each operation of transferring personal data is carried out in accordance with the applicable law. If data is transferred outside the EEA, we use standard contractual clauses and the Privacy Shield as safeguards for countries where the European Commission has not found an adequate level of data protection.
8. Your personal data related to the conclusion and implementation of the contract for the execution of contracts will be processed for the period of their implementation, and for a period no longer than provided for by law, including the provisions of the Civil Code and the Accounting Act, ie. for no longer than 10 years, counting from the end of the calendar year in which the last contract was executed.
9. Your personal data processed for the purpose of entering into and performing future contracts will be processed until you object.
10. You have the right to: access your personal data and receive a copy of the personal data being processed, rectify your inaccurate data; request deletion of your data (right to be forgotten) in case of circumstances provided for in Art. 17 RODO; to request the restriction of data processing in the cases indicated in Art. 18 RODO, to object to the processing of data in the cases indicated in Art. 21 RODO, portability of data provided, processed by automated means.
11. If you believe that your personal data is being processed unlawfully, you may file a complaint with the supervisory authority (Office for Personal Data Protection, 2 Stawki Street, Warsaw). If you need additional information related to data protection or wish to exercise your rights, please contact us by mail at the mailing address.
12. We make every effort to protect against unauthorized access, unauthorized modification, disclosure and destruction of information in our possession. In particular:
a) We control the methods of collecting, storing and processing information, including physical security measures, to protect against unauthorized access to the system.
b) We grant access to personal data only to those employees, contractors and agents who need to have access to it. In addition, they are contractually obligated to maintain strict confidentiality, to allow us to inspect and check how they fulfill their assigned duties, and may face consequences if they fail to fulfill these obligations.
13. We will comply with all applicable data protection laws and regulations and cooperate with data protection authorities and authorized law enforcement agencies. In the absence of data protection regulations, we will act in accordance with generally accepted data protection principles, rules of social intercourse as well as established customs.
14. The exact way to protect personal data is contained in the personal data protection policy (ODO: security policy, personal data protection regulations, IT system management manual) For security reasons, due to the procedures described therein, it is only available for inspection by state control bodies.
15. If you have any questions about how we handle your personal information, you are welcome to contact us using the page from which you were redirected to this Privacy Policy. The request for contact will be immediately forwarded to the appropriate appointed person. 16. You always have the right to notify us if:
a) no longer wishes to receive information or messages from us in any form;
b) wishes to receive a copy of his or her personal information in our possession;
c) correct, update or delete your personal information in our records;
d) wishes to report violations, improper use or processing of his personal data.
17. To facilitate our response or response to the information provided, please provide your name and further details.
§3 Scope and purpose of personal data collection
1. We process necessary personal data for the purpose of providing services and for accounting purposes and only such purposes, i.e. :
a) to place an order,
b) for the purpose of entering into a contract, complaints and withdrawal from the contract,
c) issuance of a VAT invoice or other receipt.
d) monitoring traffic on our websites;
e) collecting anonymous statistics, for determining how users use our website;
f) determining the number of anonymous users of our sites
g) controlling how often the selected content is shown to users and what content is shown most often;
h) Controlling how often users select a particular service or from which service the most frequent contact is made;
i) survey of newsletter signups and contact options;
j) Use of a personalized recommendation system for e-commerce;
k) use of the tool to communicate both by email and, subsequently, by phone;
l) Integration with a community portal;
m) Internet payments, if any.
2. We collect, process and store the following user data:
a) Name,
b) residential address,
c) address for service (if different from the address of residence),
d) tax identification number (TIN),
e) electronic mail (e-mail) address,
f) telephone number (mobile, landline),
g) date of birth,
h) PESEL,
i) information about the web browser used,
j) other personal data voluntarily provided to us.
3. Provision of the above data by is completely voluntary, but also and necessary for the full implementation of services.
4. Purpose of our data collection and processing or use: a) direct marketing, archival purposes of advertising campaigns; b) implementation of obligations imposed by law through the collection of information on adverse reactions;
5. We may transfer personal data to servers located outside your country of residence or to affiliates, third parties based in other countries including countries in the EEA (European Economic Area, EEA – free trade zone and Common Market, comprising the countries of the European Union and the European Free Trade Association EFTA) for the purpose of processing personal data by such entities on our behalf in accordance with the provisions of this Privacy Policy and applicable laws, customs as well as data protection regulations.
6. We keep your personal data for no longer than it is needed for the proper quality of service and, depending on the mode and purpose of its acquisition, we keep it for the duration of the service and after its termination for purposes:
a) fulfillment of obligations under the law, tax and accounting regulations;
b) prevention of fraud or crime;
c) statistical and archiving.
d) Marketing activities – for the duration of the contract, the granting of a separate consent for the processing of such data – until the completion of the transaction processing activities, your objection to such processing or the withdrawal of consent.
e) Surrounding sales and promotional activities – e.g. contests, promotional actions – for the duration and settlement of such actions.
f) Operational activities – until the statute of limitations imposed by the RODO Regulation and relevant national laws, in order to demonstrate reliability in the processing of personal data
g) assert All claims related to the executed contract;
7. Bearing in mind the circumstances that in many of the countries to which this personal data is sent, the same level of legal protection of personal data as in your country does not apply. Your personal data stored in another country may be accessed by, for example: courts, law enforcement and national security authorities, in accordance with the laws of that country. Subject to lawful requests for disclosure, we undertake to require those processing personal data outside your country to take measures to protect your data in a manner adequate to the regulations of their national laws.
§4 “Cookies” Policy
1. We collect information contained in cookies automatically for the purpose of collecting User data. A cookie is a small piece of text that is sent to the user’s browser and which the browser sends back the next time the user visits the site. They are mainly used to maintain a session, e.g. by generating and returning a temporary ID after logging in. We use “session” cookies stored on the User’s terminal device until the User logs out, shuts down the website or shuts down the web browser, and “permanent” cookies stored on the User’s terminal device for the time specified in the parameters of the cookies or until they are deleted by the User.
2. Cookies customize and optimize the site and its offerings for Users through activities such as creating page view statistics and ensuring security. Cookies are also necessary to maintain your session after you leave the website.
3. The administrator processes the data contained in cookies each time the site is visited by visitors for the following purposes:
a) to optimize the use of the site;
b) identification of Service Recipients as currently logged in;
c) adaptation, graphics, selection options and any other content of the site to the individual preferences of the Service Recipient;
d) remembering completed automatically and manually, posted data from Order Forms or login data provided by the visitor;
e) collect and analyze anonymous statistics showing how the site is used in the administration panel and google analytics
f) create remarketing lists based on information about preferences, behavior, use of interests on the Site and collection of demographic data, and then make these lists available in AdWords and Facebook Ads.
g) creation of data segments based on demographic information, interests, preferences in the choice of products/services viewed.
h) use of demographic and interest data in Analytics reports.
4. The user can completely block and delete the collection of cookies at any time using his browser.
5. Blocking by the User the collection of Cookies on his device may hinder or prevent the use of certain functionalities of the site to which the User is fully entitled but must be aware of the limitations of functionality in such a situation.
6. A user who does not want to use “cookies” for the purpose described above at any time may delete them manually. For detailed instructions on how to proceed, visit the website of the manufacturer of the web browser you are currently using.
7. More information about Cookies is available in the help menu of each web browser. Examples of web browsers that support said “Cookies”:
a) Internet Explorer cookie settings
b) Chrome‘s cookie settings
c) Firefox cookie settings
d) Opera cookie settings
e) Safari cookie settings
f) Cookies in Android
g) Cookies on Blackberry
h) Cookies in iOS (Safari)
i) Windows Phone cookies
§5 Rights and obligations
1. We have the right and, in cases provided for by law, the statutory obligation to disclose some or all information about your personal data to public authorities or third parties who make such a request for information under the applicable provisions of Polish law.
2. the User has the right to access the content of his/her personal data that he/she provides, the User may correct, complete the data at any time, and also has the right to request that the data be deleted from his/her databases or cease to be processed, without giving any reason. In order to exercise his/her rights, the User may at any time send the applicable message to the e-mail address or by any other means that will provide/transmit such request.
3. The processing of personal data of individuals who are our customers is based on:
a) legitimate interests as a data controller (e.g., for the creation of a database, analytical and profiling activities, including activities concerning the analysis of product use, direct marketing of own products, securing documentation for the defense against possible claims or for the assertion of claims)
b) consents (including, in particular, consents for e-mail marketing or telemarketing)
c) performance of the concluded agreement
d) obligations under the law (e.g., tax law or accounting regulations).
4. The processing of personal data of individuals who are potential customers is based on:
a) the legitimate interest of the data controller (e.g., for the creation of a database, direct marketing of its own products)
b) consents (including, in particular, consents for e-mail marketing or telemarketing)
5. A request by the User to delete personal data or to cease processing by the User may result in the complete inability to provide services by the User or a serious limitation thereof.
6. We pay special attention to the issue of profiling and point out that:
a) for profiling purposes, we generally process data that has previously been subject to ssl encryption;
b) we use typical data for this: e-mail address and IP address or cookies
c) we profile in order to analyze or predict the personal preferences and interests of people using our Services or products or services and to tailor the content on our Services or products to those preferences
d) we profile for marketing purposes, i.e. Matching the marketing offer to the aforementioned preferences.
7. We undertake to act in accordance with applicable laws and rules of social intercourse.
8. Information on out-of-court handling of consumer disputes. The authorized entity within the meaning of the Law on Out-of-Court Processing of Consumer Disputes is the Financial Ombudsman, whose website address is: www.rf.gov.pl.
§6 Basic safety rules
1. Each user should take care of his own data security and the security of his devices that are used to access the Internet. Such a device should absolutely have an antivirus program with an up-to-date regularly updated database of definitions, types and types of viruses, a secure version of the web browser it uses and a firewall enabled. Users should check that the operating system and programs installed on it have the latest and compatible updates, as attacks take advantage of bugs found in installed software.
2. Access data for services offered on the Internet are – e.g. logins, passwords, PINs, electronic certificates, etc., – should be secured in a place inaccessible to others and impossible to hack from the Internet. They should not be disclosed or stored on the device in a form that allows unauthorized access and reading by unauthorized persons.
3. Caution when opening strange attachments or clicking on links in emails that we did not expect, such as from unknown senders or from the spam folder.
4. It is advisable to run anti-phishing filters in your browser, i.e. tools that check whether the displayed website is authentic and not used for phishing, such as by impersonating a person or institution.
5. Files should be downloaded only from trusted places, services and sites. We do not recommend installing software from unverified sources especially from unknown publishers with an unproven reputation. This includes mobile devices, e.g. smartphones, tablets.
6.When using a home Wi-Fi network, you should set such a password to be secure and difficult to break, it should not be any pattern and string of characters that is easy to guess (such as street name, host name, birthday, etc.). It is also recommended to use the highest possible Wi-Fi encryption standards that are possible to run on your equipment, e.g. WPA2.
§7 Using Social Media Plugins
1. Plug-ins so-called plug-ins of social networks facebook.com and Twitter and others, may be found on our sites. The related services are provided respectively by Facebook Inc. and Twitter Inc.
2 Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook. To view Facebook plugins go to: https://developers.facebook.com/docs/plugins
3. Twitter is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. To view Twitter plugins go to: https://dev.twitter.com/web/tweet-button
4. The plug-in only provides its provider with information about which of our websites you accessed and at what time. If you are logged into your account located on, for example, Facebook or Twitter, while viewing or staying on our site, the provider is able to combine your interests, information preferences, and other data, obtained, for example, by clicking the Like button or leaving a comment, or entering your profile name in searches. Such information will also be transmitted by the browser directly to the provider.
5. For more detailed information about Facebook or Twitter’s data collection and use and about privacy, please visit the following pages:
a) Data protection/advice on. Privacy issued by Facebook: http://www.facebook.com/policy.php
b) Data protection/advice on. privacy released by Twitter: https://twitter.com/privacy
6. To avoid having your selected user account recorded by Facebook or Twitter on our website, you must log out of your account before browsing our websites.
Copyright notice to the Regulations
The owner of all tangible copyrights to the template of this policy is LEGATO Law Firm, which has granted a non-exclusive and non-transferable right to use this document for the purposes of its own commercial activities on the Internet and extends legal protection to the aforementioned document for the duration of the contract. Copying and distribution of the template of this document without the permission of LEGATO Law Office is prohibited and may be subject to both criminal and civil liability. Online retailers can learn more about how to use the privacy and cookies policy template at http://www.kancelaria-legato.pl