1. GENERAL PROVISIONS
1.2. The administrator of personal data collected through the Internet Shop is PIOTR MATERNA conducting business activity under the company SATTO MEDIA PIOTR MATERNA entered into the Central Register and Information on Business Activity of the Republic of Poland kept by the minister in charge of economy, having: address of the place of business activity and address for delivery: Owsiana 62, 40-780 Katowice, Poland, Tax Identification Number 6342011783, National Business Registry Number 276612628, e-mail address: firstname.lastname@example.org - hereinafter referred to as the "Administrator" and being at the same time the Service Provider of the Internet Shop and the Seller.
1.3. Personal data in the Online Shop is processed by the Administrator in accordance with the applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "RODO" or "RODO Regulation". Official text of the RODO Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4. The use of the Internet Shop, including shopping, is voluntary. Similarly, the provision of personal data by the Service Recipient or the Customer using the Internet Shop is voluntary, subject to two exceptions:
- Administrator's statutory obligations - providing personal data is a statutory requirement resulting from generally binding provisions of law imposing on the Administrator the obligation to process personal data (e.g. processing data for the purpose of keeping tax or accounting books) and failure to provide such data will prevent the Administrator from performing these obligations.
1.5. The Administrator shall exercise special care in order to protect the interests of the persons to whom personal data processed by him/her relate, and in particular shall be responsible and shall ensure that the data collected by him/her are accurate:
- processed in accordance with the law;
- collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes;
- substantially correct and adequate in relation to the purposes for which they are processed;
- kept in a form which permits identification of the persons concerned no longer than is necessary to achieve the purpose of the processing;
- processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organisational measures.
1.6. Taking into account the nature, scope, context and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons with different degrees of probability and seriousness of the risk, the controller shall implement appropriate technical and organisational measures to process in accordance with this Regulation and to be able to demonstrate this. Those measures shall be reviewed and updated as necessary. The Administrator shall implement technical measures to prevent unauthorised persons from collecting and modifying personal data transmitted electronically.
2. THE GROUNDS FOR DATA PROCESSING
2.1. The Administrator shall be entitled to process personal data in cases where, and in so far as, at least one of the following conditions is met: (1) the data subject has consented to the processing of his/her personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to the conclusion of the contract; (3) processing is necessary to fulfill a legal obligation incumbent on the Administrator; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Administrator or by a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data are paramount, in particular if the data subject is a child.
3. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
3.1. In each case, the purpose, basis, period and scope as well as the recipients of personal data processed by the Administrator result from actions taken by a given Service Recipient or Client in the Internet Shop. For example, if the Client decides to make purchases in the Internet Shop and chooses to collect the purchased Product instead of courier delivery, his or her personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier carrying out the delivery on behalf of the Administrator.
3.2. The Administrator may process personal data in the Internet Shop for the following purposes, on the following grounds, for the following periods and in the following scope:
|Purpose of the data processing|Legal basis for processing and data retention period|Scope of processed data|
|---|---|---|
|Execution of a Sales Agreement or an agreement for the provision of an Electronic Service or taking action at the request of the data subject prior to the conclusion of the aforementioned agreements|Article 6(1)(b) of the RODO Regulation (performance of the contract). Data shall be kept for the period necessary to perform, terminate or otherwise terminate the contract concluded.|Maximum scope: first and last name; e-mail address; contact telephone number; delivery address (street, house number, property number, postcode, town, country), residential/business address/seat (if different from delivery address). In the case of Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Customer. The given scope is maximum - in the case of e.g. personal collection it is not necessary to provide the delivery address.|
|Marketing|Article 6(1)(a) of the RODO Regulation (consent). Data shall be stored until the data subject withdraws his or her consent to further processing of his or her data for this purpose.|First name, e-mail address|
|Expression by the Customer of an opinion on the concluded Sales Agreement|Article 6(1)(a) of the RODO Regulation. Data shall be stored until the data subject withdraws his or her consent to further processing of his or her data for this purpose.|E-mail address|
|Keeping tax books|Article 6(1)(c) of the RODO Regulation in conjunction with Article 86(1) of the Tax Ordinance, i.e. of 17 January 2017 (Journal of Laws of 2017, item 201). The data are kept for the period required by the provisions of law requiring the Administrator to keep tax books (until the expiry of the statute of limitations on tax liability, unless tax acts provide otherwise).|First and last name; address of residence/business/seat (if different from the delivery address), company name and tax identification number (NIP) of the Service Recipient or Client.|
|Establishing, asserting or defending any claims which may be raised by the Administrator or which may be raised against the Administrator|Article 6(1)(f) of the RODO Regulation. Data shall be kept for the period of existence of a legitimate interest pursued by the Administrator, but not longer than for the period of limitation of claims against the data subject on account of the Administrator's business activity. The statute of limitations is determined by the provisions of law, in particular by the Civil Code (the basic statute of limitations for claims related to running a business activity is three years, and for a sales contract two years).|Name; contact telephone number; e-mail address; delivery address (street, house number, property number, postcode, town, country), residential/business/seat address (if different from the delivery address). In the case of Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Customer.|
4. THE RECIPIENTS OF THE DATA IN THE ONLINE SHOP
4.1. For the proper functioning of the Internet Shop, including the performance of the concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as software supplier, courier or payment service provider). The Administrator uses only the services of such processors who provide sufficient guarantees of implementation of appropriate technical and organizational measures, so that the processing meets the requirements of the RODO Regulation and protects the rights of data subjects.
4.3. Personal data of the Users and Customers of the Internet Shop may be transferred to the following recipients or categories of recipients:
4.3.1. carriers / forwarders / courier brokers - in the case of a Customer who uses in the Internet Shop the method of delivery of the Product by mail or courier, the Administrator provides the collected personal data of the Customer to a selected carrier, forwarder or intermediary who carries out deliveries on the order of the Administrator to the extent necessary to carry out the delivery of the Product to the Customer.
4.3.2. entities handling electronic payments or payment cards - in the case of a Customer who uses the electronic payment method or payment card in the Internet Shop, the Administrator shall make the collected personal data of the Customer available to a selected entity handling the above payments in the Internet Shop at the request of the Administrator to the extent necessary to handle payments made by the Customer.
4.3.3. creditors/leasers - in the case of a Customer who uses in the Internet Shop the method of payment in the installment or lease payment system, the Administrator makes the collected personal data of the Customer available to a selected creditor or lessor servicing the above payments in the Internet Shop at the request of the Administrator to the extent necessary to handle the payment made by the Customer.
4.3.4. supplier of the opinion polls system - in the case of a Customer who agreed to express an opinion on the concluded Sales Agreement, the Administrator shall make the collected personal data of the Customer available to a selected entity providing a system of opinion polls on the basis of the concluded Sales Agreements in the Internet Shop at the request of the Administrator to the extent necessary for the Customer to express an opinion by means of the opinion polls system.
5. PROFILING IN THE ONLINE SHOP
5.2. The Administrator may use profiling in the Internet Shop for direct marketing purposes, but the decisions made on its basis by the Administrator do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services in the Internet Shop. The effect of using profiling in the Internet Shop may be e.g. granting a given person a discount, sending him/her a discount code, a reminder of unfinished purchases, sending a Product proposal that may correspond to the interests or preferences of a given person, or offering better conditions compared to the standard offer of the Internet Shop. Despite profiling, a given person decides freely whether they will want to take advantage of the discount received in this way, or better conditions and make a purchase in the Online Shop.
5.3. Profiling in the Internet Shop consists in automatic analysis or forecast of a given person's behavior on the website of the Internet Shop, e.g. by adding a specific Product to the basket, browsing the website of a specific Product in the Internet Shop, or by analysing the history of purchases made in the Internet Shop to date. The condition of such profiling is that the Administrator has personal data of a given person in order to be able to send him/her e.g. a discount code.
5.4. The data subject shall have the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects for the data subject or significantly affects him/her in a similar manner.
6. THE PERSONAL RIGHTS OF THE DATA SUBJECT
6.1. Right of access, rectification, limitation, erasure or transfer - the data subject has the right to request from the Administrator access to his personal data, rectification, erasure ("the right to be forgotten") or limitation of the processing and has the right to object to the processing, as well as the right to transfer his data. Detailed conditions for exercising the aforementioned rights are indicated in Articles 15-21 of the RODO Regulation.
6.2. Right to withdraw consent at any time - a person whose data are processed by the Administrator on the basis of the consent given (pursuant to Article 6(1)(a) or Article 9(2)(a) of the RODO Regulation) has the right to withdraw consent at any time without affecting the legality of the processing which was carried out on the basis of consent before its revocation.
6.3. Right to lodge a complaint to the supervisory authority - a person whose data are processed by the Administrator has the right to lodge a complaint to the supervisory authority in the manner specified in the provisions of the RODO Regulation and Polish law, in particular the Act on Personal Data Protection. The supervisory authority in Poland is the President of the Office for the Protection of Personal Data.
6.4. Right to object - the data subject has the right to object at any time, on grounds relating to his particular situation, to the processing of personal data relating to him based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the Administrator), including profiling on the basis of these provisions. In such a case, the Administrator may no longer process those personal data unless he demonstrates the existence of valid legitimate grounds for the processing, overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims.
6.5. Right to object to direct marketing - if personal data are processed for the purposes of direct marketing, the data subject has the right at any time to object to the processing of personal data relating to him/her for the purposes of such marketing, including profiling, in so far as the processing is related to direct marketing.
7. COOKIES IN THE INTERNET SHOP, EXPLOITATION DATA AND ANALYTICS
7.1. Cookies are small pieces of text information in the form of text files sent by a server and saved on the device of a visitor to the Online Shop (e.g. on a hard drive of a computer, laptop or smartphone memory card - depending on the device used by a visitor to our Online Shop). Detailed information about cookies, as well as their history can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.
7.2. The Administrator may process the data contained in cookies when visitors use the website of the Internet Shop for the following purposes:
7.2.1. identification of the Customers as logged in to the Online Shop and showing that they are logged in;
7.2.2. storing data for the Products added to the basket in order to place an Order;
7.2.3. storing data from completed Order Forms, surveys or logging data to the Online Shop;
7.2.4. adjusting the content of the Online Shop's website to the Customer's individual preferences (e.g. concerning colours, font size, page layout) and optimizing the use of the Online Shop's websites;
7.2.5. keeping anonymous statistics presenting the manner of using the Internet Shop website;
7.2.6. remarketing, i.e. research into the behavioural characteristics of visitors to the Online Shop through an anonymous analysis of their activities (e.g. repeated visits to specific websites, keywords, etc.) in order to create their profile and provide them with ads tailored to their anticipated interests, including when they visit other websites on the advertising network of Google Inc. and Facebook Ireland Ltd.
7.5. Detailed information on how to change the settings for cookies and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the link):
7.6. The Administrator may use Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator analyze the Web Shop traffic. The collected data are processed within the framework of the above services in an anonymous way (so called exploitation data, which makes it impossible to identify a person) to generate statistics helpful in administering the Internet Shop. These data are of aggregate and anonymous character, i.e. they do not contain identification features (personal data) of persons visiting the website of the Internet Shop. Using the above services in the Internet Shop, the Administrator collects such data as the sources and medium of acquiring visitors to the Internet Shop and the manner of their behavior on the website of the Internet Shop, information on devices and browsers from which they visit the website, IP and the domain, geographic data and demographic data (age, gender) and interests.
7.7. You can easily prevent Google Analytics from receiving information about your activity on the Webshop website by installing the browser plug-in provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=en.
7.8. The Administrator may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) in the Online Shop. This service helps the Administrator to measure the effectiveness of advertisements and find out what actions are taken by visitors to the online store, as well as display matching advertisements to these people. You can find out more about how Facebook Pixel works at: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
7.9. You can manage how Facebook Pixel works through the ad settings in your Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.