- The Controller of Customers’ personal data is the Seller, i.e. Marta Osowiecka, pursuing a business activity under the business name DYNKS Marta Osowiecka, address: ul. Lelechowska 12 lok. 16, 02-351 Warsaw, on the basis of an entry in the Central Registration and Information on Business (CEIDG), Tax Identification Number NIP: 7010873503, National Business Registry Number REGON 381515000
- You may contact the Personal Data Controller in particular via e-mail at firstname.lastname@example.org.
2. PURPOSE AND SCOPE OF DATA PROCESSING
- The purpose and scope of processed personal data are determined by the scope of data completed by the Customer and sent to the Seller means of a relevant form. Processing Customer’s personal data may pertain to his/her e-mail address, first and last name, address, phone number, computer IP address, Tax Identification Number NIP, data collected by Google Tag Manager, Google Analytics, Facebook Pixel and other data necessary for provision of services by the Seller. Due to the nature of services provided by the Seller, they cannot be provided anonymously.
- Providing personal data is voluntary, but as a result of lack of consent to process the personal data marked as obligatory the Seller will be prevented from performing the services and agreements, in particular it will prevent creation of an Account and performance of Sales Agreements.
- Personal data of Customers are processed for the following purposes:
- implementation of legal provisions—the legal basis is the statutory authorisation to process data necessary to act in line with the law (Article 6.1(c) of the GDPR);
- provision of services by electronic means, performance of Sales Agreements, consideration of filed complaints and other activities indicated in the Terms and Conditions in connection with a Sales Agreement or services provided by electronic means—the legal basis is the statutory authorization to process data which are necessary to perform an agreement if the data subject is a party to such agreement, or if it is essential for undertaking certain actions prior to conclusion of an agreement upon request of the data subject (Article 6.1(b) of the GDPR);
- marketing actions of the Seller—the legal basis is a legitimate interest of the Data Controller (Article 6.1.(f) of the GDPR), which involves direct marketing or voluntary consent of the Customer (Article 6.1(a) of the GDPR);
- analytical and statistical purposes—the legal basis is a legitimate interest of the Data Controller (Article 6.1.(f) of the GDPR), which involves conducting analyses of Customers’ activity and manner in which they use the Store as well as their preferences, for the purpose of improving the used functionalities.
- in the case of queries sent to the Seller—for the purpose of handling sender’s query—the legal basis is the necessity for performance of an agreement for provision of a service (Article 6.1(b) of the GDPR).
- If the Seller is advised that the Customer infringes the provisions of the Terms and Conditions or applicable provisions of law (unauthorized use of the Store), then the Seller may process the personal data of the Customer in the scope required for establishing his/her liability.
3. DATA PROCESSING TIME
- Customer’s personal data are processed for the time of performance of a Sales Agreement or agreement for provision of a relevant service by electronic means (e.g. operation of the Account), and upon termination of the agreement or service, for the period of limitations of civil law claims and tax receivables.
- In the case of marketing actions, Customer’s personal data will be processed until the Customer withdraws the consent or raises an objection, and thereafter they will be stored only for the purpose of defence against any possible claim of the data subject.
- Upon the lapse of the above mentioned time, personal data will be deleted, unless their processing is necessary under another legal basis.
4. TRANSMISSION OF PERSONAL DATA TO THIRD COUNTRIES
- The Seller will transfer data to third countries, i.e. beyond the European Economic Area: to the United States on the basis of the Commission Implementing Decision of 12 July 2016 introducing the so-called Privacy Shield (under this decision data will be transferred only to certified entities, as a result of which those entities are obliged to appropriately secure personal data), and to other countries, only on the basis of standard contractual clauses under which the entities which will receive those data are obliged to appropriately secure them.
- The Seller will also carry out profiling for the purposes of marketing, market research, improving services and Online Store, by analysing Customers’ behaviour in the Store, in order to adjust the Store to Customers’ preferences. Such profiling will result in automatic assessment of Products the Customer may be interested in, also within the frames of the website of the Seller’s Store, as well as display of personalised advertisements of Products. At the same time, profiling carried out by the Seller will not result in making decisions against the Customer with a legal or similarly significant effect on the Customer.
- The Customer may raise an objection against such profiling at any time by sending an e-mail to email@example.com
6. RECIPIENTS OF DATA
- Personal data of Customers may be transferred for processing only for the purpose of performance of agreements for provision of services by electronic means by the Seller and Sales Agreements to the following entities: a hosting company maintaining the Store, a company providing accounting services to the Seller, a company providing e-mail services, the provider of a payment system, a legal firm and a courier mail company,
- Personal data collected by the Seller may also be disclosed to: competent state bodies upon their request on the basis of relevant provisions of law, or other persons and entities—in the cases prescribed in the provisions of law.
- Each entity to which the Seller transfers Customers’ personal data for processing on the basis of a personal data transfer agreement (“Transfer Agreement”) guarantees an adequate level of security and confidentiality of the processing of personal data. The entity processing Customer’s personal data on the basis of the Transfer Agreement may process Customer’s personal data through another entity only upon prior written consent of the Seller.
7. CUSTOMER RIGHTS RELATED TO DATA PROCESSING
- Each Customer has the right to: (a) delete the collected personal data referring to him/her both from the system belonging to the Seller as well as from bases of entities which have co-operated with the Seller, (b) restrict the processing of data, (c) portability of the personal data collected by the Seller and referring to Customers, in this to receive them in a structured form, (d) request the Seller to enable him/her access to his/her personal data and to rectify them, (e) object to processing, (f) withdraw the consent towards the Seller at any time without affecting the legality of processing carried out on the basis of the consent before it is withdrawn, (g) lodge a complaint about the Seller to the supervisory authority, (h) obtain copies of data or information on the place where data are made available.
- Except for filing a complaint on the Seller with the supervisory authority, the Customer may exercise the foregoing rights by sending an e-mail to the controller’s address: firstname.lastname@example.org.
8. OTHER DATA
- The Online Store may store http enquiries, therefore files containing web server logs may store certain data, including the IP address of the computer sending the enquiry, the name of Customer’s station–identification through the http protocol, if possible, the date and system time of registration in the Store and receipt of the enquiry, the number of bytes sent by the server, the URL address of a site visited by the Customer before if the Customer has entered the Store through a link, details of the Customer’s browser, information on errors occurring by realization of the http transaction. Web server logs may be collected as material for the purposes of proper administration of the Online Store. Only persons authorized to administer the IT system have access to data. Files containing web server logs may be analyzed for the purposes of preparing statistics concerning traffic in the Store and occurring errors. Summary of such details does not identify the Customer.
- The Seller applies technological and organizational means in order to secure the processing of personal data corresponding to the threats and category of data to be secured, in particular, through technical and organizational means the Seller secures data against being published to unauthorized persons, taken over by an unauthorized person, processed in violation of the law and changed, lost, damaged or destroyed; among others the SSL (Secure Socket Layer) certificates are applied. The set of collected Customers’ personal data is stored on a secured server; moreover, the data are secured by Seller’s internal procedures related to the processing of personal data and information security policy.
- The Seller has also implemented appropriate technical and organizational means, such as pseudonymisation, designed to effectively enforce the data protection principles, such as data minimisation, and for the purpose of providing the processing with necessary safeguards, so as to meet the GDPR requirements and protect the rights of data subjects. The Seller implements all necessary technical measures as specified in Articles 25, 30, 32-34, 35–39 of the GDPR, providing for enhanced protection and security of the processing of Customers’ personal data.
- At the same time the Seller states that using the Internet and services provided by electronic means may pose specific teleinformatic threats, such as: presence and operation of worms, spyware or malware software, including viruses, as well as possibility of being exposed to cracking or phishing (fishing passwords) and other. In order to obtain detailed and professional information related to security in the Internet, the Seller recommends taking advice from entities specializing in such IT services.
- For the purposes of a correct operation of the Store, the Seller uses cookie support technology. Cookies are packages of information stored on a Customer’s device through the Online Store, usually containing information corresponding to the intended use of a particular file, by means of which the Customer uses the Online Store—these are usually: address of the Internet service, date of publishing, lifetime of a cookie, unique number and additional information corresponding to the intended use of a particular file.
- The Seller uses two types of cookies: session cookies, which are permanently deleted upon the closing of the session of the Customer’s browser, and permanent cookies, which remain on the Customer’s device after closing the session until they are deleted.
- It is not possible to identify the Customer on the basis of cookie files, whether session or permanent. The cookie mechanism prevents collection of any personal data.
- Cookies used in the Store are safe for the Customer’s device, in particular they prevent viruses or other software from breaking into to the device.
- Files generated directly by the Online Store may not be read by other Internet services. Third-party cookies (i.e. cookies provided by associates of the Seller) may be read by an external server.
- The Customer may individually change the cookie settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service. First and foremost, the Client may disable storing cookies on his/her device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of the Store.
- The Seller uses own cookies for the following purposes: authenticating the Customer in the Store and preserving Customer’s session; configuring the Store and adjusting the content of pages to Customer’s preferences, such as: recognizing Customer’s device, remembering settings set up by the Customer; ensuring security of data and use of the Online Store; analyses and researches of views, number of clicks and paths taken, number and frequency of visits in the Store, maintaining statistics; providing advertising services.
- The Seller uses third-party cookies for the following purposes:
|Tool:||Purpose of storing:|
|Google Analytics||Control and management of codes placed on the website|
|Facebook Analytics||Traffic and behaviour analysis on the Online Store’s website|
|Facebook Pixel||Traffic analysis on the Online Store’s website and displaying Online Store’s ads on Facebook to Facebook users who have shown interest in the offer of the Online Store or who have certain common factors (such as interest in certain themes of Goods defined on the basis of visited websites)|
- Details concerning cookies support are available in the settings of the browser used by the Customer.