2. The owner of the Online Shop and at the same time the data administrator is Piotr Siatkowski conducting business activity under the company located in Grażyny 7/8, 93-309 Łódź, Poland, entered into the Central Register and Information on Business Activity conducted by the Minister of Entrepreneurship and Technology, TAX NUMBER: 7712702908, COMPANY ID NUMBER: 381366651.
3. Personal data collected on our Online Shop is handled in accordance with the current EU Council Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
4. Our company takes special care to respect the privacy of the customers visiting the our Online Shop.
1. You can always visit our online shop without having to enter you personal data. The only data saved are that provide you access without specifying your personal data (like Internet Service Provider or browser information). These informations are processed anonymously and are used exclusively to improve our website.
2. We save your personal data (such us name, surname, address, e-mail address, phone number) for various purposes only when you send them to us voluntarily. Personal data of customers are collected in case of:
- registering an account in the Online Shop, in order to create and manage this account account. Legal basis: Article 6 paragraph 1 letter b of the GDPR;
- placing an order in the Online Shop in order to perform a sales contract. Legal basis: Article 6 paragraph 1 letter b of the GDPR;
- using the contact form in the Online Shop to perform a contract using email. Legal basis: Article 6 paragraph 1 letter b of the GDPR;
- leaving a review of an item offered in the Online Shop;
- subscribing to our newsletter.
3. When registering an account in the Online Shop, the Customer sets an individual password to access his or her account. The Customer may change the password, at a later time, according to the rules described in section Data Security.
4. In order to determine, pursue and enforce claims, certain personal data provided by the Customer may be processed as part of using the functionality in the Online Shop, such as: name, surname, data regarding the use of services, if the claims result from the manner in which the Customer uses from services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - a legitimate interest (Article 6 paragraph 1 letter fb of the GDPR), consisting in the determination, investigation and enforcement of claims as well as defense against claims in proceedings before courts and other state authorities.
Data storage time
Customers' personal data are stored:
- If the basis for the processing of personal data is consent, then the Customer's personal data is processed by our company until the consent is revoked, and after revoking the consent for a period of time corresponding to the limitation period of claims that our company may raise and which may be raised against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity - three years.
- If the basis for data processing is the performance of the contract, then the Customer's personal data is processed by our company as long as it is necessary to perform the contract, and after that time for the period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity - three years.
Transfer of personal data
1. Only authorized employees of our company have direct access to personal data collected by our Online Shop. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are subject to the instructions of our company as to the purposes and methods of processing this data (processing entities), or independently determine the purposes and methods of their processing (administrators).
- Processing entities: our company uses providers that process personal data only on the instructions of our company. These include hosting services, accounting services, systems for analyzing traffic in the Online Shop.
- Administrators: our company uses providers who determine how to use clients' personal data themselves. These include payment services, banks, parcel delivery companies and sales manager.
2. In the event of making a purchase in the Online Shop, personal data is transferred, depending on the Customer's choice, to the following entities in order to process the payment:
- PayPal payment method - PayPal (Europe) S.à r.l. & Cie, S.C.A. 22-24 Boulavard Royal L-2449 Luksemburg.
- Conatoxia Pay payment methods - Cinkciarz.pl Sp.z o.o, Wrocławska 17B, Zielona Góra, Poland.
3. In the event of making a purchase in the Online Shop, personal data is transferred, depending on the Customer's choice, to the following entities in order to process the shipment:
- Economy/Standard/Global Expres delivery methods - personal data are transferred to Poczta Polska (Polish Post) based in Warsaw, Poland.
- DPD/BRT/SEUR/PostNord delivery methods - personal data are transferred to DPD Polska Sp. z o.o. based in Warsaw, Poland.
- Fedex delivery method - personal data are transferred to Fedex Express (Poland) sp. z o.o. based in Warsaw, Poland.
- InPost delivery methods - personal data are transferred to InPost sp. z o.o. based in Cracow, Poland.
4. In the event of making a purchase in the Online Shop, personal data and details of the order are transferred automatically to the Baselinker sales manager system. We are integrated with the Baselinker sales manager to efficiently and quickly fulfill the orders. It is used to accept and process all orders, support our stock levels of products displayed in the Online Shop and integrate the shipping base. Transferring data to the baselinker system is necessary to process your order. The baselinker system is provided by BaseLinker Sp. z o.o. sp. k. with its registered office in Wrocław, Poland.
5. Personal data may also be transferred in the event of a request by authorized state authorities, in particular to organizational units of the Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection, or the President of the Office of Electronic Communications.
Changing or deleting data
1. The right to withdraw consent - legal basis: Article 7 paragraph 3 of the GDPR.
- The customer has the right to withdraw any consent he has given to our company.
- Withdrawal of consent has effect from the moment of withdrawal of consent.
- Withdrawal of consent does not affect the processing carried out by our company in accordance with the law before its withdrawal.
- Withdrawal of consent does not entail any negative consequences for the Customer, however, it may prevent further use of services or functionalities which, according to the law, our company can only provide with consent.
2. The right to object to data processing - legal basis: Article 21 of the GDPR.
- The customer has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data, including profiling, if our company processes his data based on a legitimate interest, e.g. marketing of products and services, conducting statistics on the use of individual functionalities of the Online Shop and facilitating the use of the Online Shop, as well as satisfaction surveys.
- Resignation in the form of an e-mail message from receiving marketing messages regarding products or services will mean the Customer's objection to the processing of his personal data, including profiling for these purposes.
- If the Customer's objection turns out to be well founded and our company has no other legal basis to process personal data, the Customer's personal data will be deleted, for which the Customer has objected.
3. The right to delete data ("the right to be forgotten") - legal basis: Article 17 of the GDPR.
- The customer has the right to request the erasure of all or some personal data.
- The customer has the right to request the removal of personal data if:
- personal data are no longer necessary for the purposes for which they were collected or for which they were processed;
- the customer has withdrawn specific consent to the extent that personal data was processed based on his consent;
- the customer has objected to the use of his data for marketing purposes;
- personal data is processed unlawfully;
- personal data must be deleted to comply with a legal obligation under Union law or the law of the Member State to which our company is subject;
- personal data was collected in connection with offering information society services.
Despite the request to delete personal data (in connection with an objection or withdrawal of consent) our company may retain certain personal data to the extent that processing is necessary to establish, assert or defend claims, as well as to comply with a legal obligation requiring processing under Union or Member State law to which our company is subject. This applies in particular to personal data including: name, surname, e-mail address, which are stored for the purposes of considering complaints and claims related to the use of our company services, or additionally the address of residence / correspondence address, order number, which the data is kept for the purposes of examining complaints and claims related to concluded sales contracts or provision of services.
4. The right to limit data processing - legal basis: Article 18 of the GDPR.
- The customer has the right to request a restriction on the processing of his personal data. Submission of a request, pending its consideration, prevents the use of specific functionalities or services, the use of which will involve the processing of the data covered by the request. Our company will also not send any messages, including marketing messages.
- The customer has the right to request the restriction of the use of personal data in the following cases:
- when he questions the correctness of his personal data - then our company limits their use for the time needed to check the correctness of the data, but no longer than for 7 days;
- when the processing of data is unlawful, and instead of deleting the data, the Customer will request to limit their use;
- when personal data cease to be necessary for the purposes for which they were collected or used but they are needed by the Customer to establish, assert or defend claims;
- when he objected to the use of his data - then the restriction occurs for the time needed to consider or - due to a special situation - the protection of the interests, rights and freedoms of the Customer outweighs the interests that the Administrator carries out by processing the Customer's personal data.
5. Right of access to data - legal basis: Article 15 of the GDPR.
The Customer has the right to obtain confirmation from the Administrator whether he processes personal data, and if this is the case, the Customer has the right to:
- gain access to his personal data;
- obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of such data, the planned period of storing the Customer's data or the criteria for determining this period (when determining the planned period of data processing is not possible), about the rights of the Customer under The GDPR and the right to lodge a complaint to the supervisory authority, about the source of this data, about automated decision making, including profiling and about the safeguards used in connection with the transfer of these data outside the European Union;
- obtain a copy of his personal data.
6. The right to rectify data - legal basis: Article 16 of the GDPR.
The Customer has the right to request the Administrator to immediately correct his personal data that is incorrect. Taking into account the purposes of processing, the customer has the right to request the completion of incomplete personal data.
7. Right to data portability - legal basis: Article 20 of the GDPR.
The Customer has the right to receive his personal data, which he provided to the Administrator, and then send it to another personal data administrator of his choice. The customer also has the right to request that personal data be sent by the Administrator directly to such an administrator, if it is technically possible. In this case, the Administrator will send the Customer's personal data in the form of a csv file, which is a commonly used, machine-readable format that allows you to send the received data to another personal data administrator.
8. In the event of the use by the Customer of the above rights, our company fulfills the request or refuses to comply with it immediately, but not later than within one month after receiving the request. However, if (due to the complicated nature of the request or the number of requests) our company will not be able to fulfill the request within a month, it will fulfill them within the next two months informing the customer within one month of receipt of the request - about the intended extension of the deadline and its reasons.
9. The Customer may submit to the Administrator complaints, queries and requests regarding the processing of his personal data and the implementation of his rights.
10. The customer has the right to request our company to provide copies of standard contractual clauses.
11. The customer has the right to lodge a complaint to the President of the Office for Personal Data Protection regarding the violation of his rights to the protection of personal data or other rights granted under the GDPR.
1. Your personal data will be coded and transfered via internet with 128 Bit RSA SSL Encryption not only by registration and in personal created profile, but also in entire field of shopping basket. We secure our Online Shop and other systems with technical and organizational actions against loss, destruction, access, change or proliferation of your data by unauthorized person.
2. We do not send a password reminders. If a person who has a Customer Account in our Online Shop has lost or forgotten password in any way, we allow to generate a new password. The Customer's password is stored in our database in an encrypted form in a way that prevents its reading. To generate a new password, please enter the e-mail address in the form available under the link "Forgot your password?", given at the login page. The new password will be automatically sent only to the e-mail address provided during registration.
3. We never send any correspondence with a request to provide login details or an access password to the Customer Account. Such information is also not made available through traditional correspondence, by e-mail or by phone.
1. Our Online Shop uses Google Analytics (Google company web analytics service) to constantly improve our website. This service uses “cookies”. They let to analyse the use of the site. The information obtained from these cookies (about your use of this site, as well as your IP-address), is transmitted to a Google server located within the European Economic Area to ensure the anonymity of the IP address. The shortened IP address is sent to a Google server in the United States where it is stored. Google acts on behalf of our company in the area of analyzing the usage the website, preparing reports on website activity, as well as providing additional services related to the use of the website and the Internet.
2. In addition, we use Google Analytics reports to analyze anonymous information about demographic data (such as age and gender) and the interests of visitors to our site, as well as analyze the effectiveness of advertising placed by us on other websites.
Last update: 31.03.2023