First, let us give you some formal information: the administrator of the website is Weronika Szulc, 102 Caithness Road Mitcham CR4 2EW, London United Kingdom, e-mail: email@example.com
In short: key information
Not only do we care about your privacy but we value your time, too! Therefore, we prepared a brief version of the most important principles related to privacy protection.
- If you create your user account through our website, place an order, subscribe to our newsletter, file a complaint, withdraw from an agreement or simply contact us, you provide us with your personal data and we assure you that your data stay confidential, secure and will not be made available to any third parties without your express consent.
- We contract personal data processing only to tried and trusted entities that offer personal data processing services.
- We use our own cookies in order to ensure proper website operation.
If the above information is still insufficient, we have a bunch of details for you below.
The Controller of your personal data in the meaning of personal data protection laws is: Weronika Szulc, 102 Caithness Road Mitcham CR4 2EW, London United Kingdom, e-mail: firstname.lastname@example.org
The purposes, legal bases and personal data processing duration were indicated separately for every data processing purpose (see descriptions of specific personal data processing purposes below).
Your rights. The GDPR provides you with the following potential rights related to the processing of your personal data:
1) Right of access to personal data,
2) Right of personal data rectification,
3) Right to erasure of personal data,
4) Right to restrict personal data processing,
5) Right to object against personal data processing,
6) Right to data portability,
7) Right to lodge a complaint with a supervisory authority,
8) Right to withdraw consent for personal data processing if you consented to it before.
The principles related to exercising the above rights were provided for in detail in Articles 16–21 of the GDPR. Please feel free to read the said provisions. We feel it is important to tell you that the above rights are not absolute and will not be available for all operations related to your personal data processing. For your convenience, we did our best to let you know about your rights related to specific personal data processing operations that we described below.
There is, however, one right that you can always exercise: if you think we violated personal data protection laws when processing your personal data, you may file a complaint with a supervisory body (President of the Office for Personal Data Protection).
Security. We guarantee that all your personal data that you provide to us are kept confidential.We undertake all personal data security and protection measures required by personal data protection laws. Personal data are collected with due diligence and adequately protected against access by unauthorised persons.
List of contractors. We contract personal data processing to the following entities:
- Sendin Blue, Francja– in order to be able to use the mailing system in which your data are processed, provided that you subscribed to our newsletter,
- Alograf, Poland– in order to keep personal data on a server and use IT support services, which may entail access to your personal data by the service provider.
All entities that we contract to process personal data guarantee they apply adequate personal data protection and security measures as required by the law.
Processing purposes and operations
User’s account. When you create your user’s account, you are required to provide your e-mail address and set up your account password.Although provision of the data is voluntary, it is necessary to create an account.When you edit your profile, you may provide more detailed information about you, i.e. your name, surname, invoicing address and mailing address. Provision of the above data is absolutely voluntary.You can have an account without providing such detailed information. In such a case, you will need to enter the data manually when you place an order with us.
The data you provide on your user’s account shall be processed solely to keep your account and enable you to use it. The data provided on your user’s account is only aimed at facilitating order placement thanks to populating order form fields in an automated manner.
The legal basis for processing your personal data on your user’s account is the performance of the account agreement that you have concluded in accordance with the store’s Regulations – Article 6(1)(b) of the GDPR.
Data collected on your user’s account are processed by the Prestashop system and are kept on a server hosted by Nazwa.pl.
Your data will be processed on your account as long as you keep your user’s account. When you delete your account, your data will be removed from the database, except for your ordering history.
You can access your personal data on your user’s account anytime by signing in to your user’s account. When you sign in to your account, you can modify or delete your data anytime, except for your ordering history. You can also decide to delete your account anytime.
You also have the right to transfer your data collected on your user’s account, as referred to in Article 20 of the GDPR.
Orders. When placing an order, you must provide data necessary to deliver the order, i.e. your name, surname, invoicing address, delivery address, e-mail address, phone number.Although provision of the data is voluntary, it is necessary to deliver your order.
The data you provide to us in relation to your order shall processed to deliver your order (Article 6(1)(b) of the GDPR), issue an invoice (Article 6(1)(c) of the GDPR), to account for the invoice in our accounting documentation (Article 6(1)(c) of the GDPR) as well as for archiving and statistical purposes (Article 6(1)(f) of the GDPR).
Data provided in your order placed through the store are processed by the Prestashop system and are kept on a server hosted by Nazwa.pl.
If you already have a user’s account, your order will be included in your account ordering history.
Every order is documented with an invoice. Invoices are issued using the Prestashop system.
We also record orders in our internal database for archiving and statistical purposes.
Ordering data shall be processed for a time necessary to deliver your order and then until the expiry of the claim limitation period under the agreement concluded. In addition, after the expiry of such period, we may still process the data for statistical purposes. You should also remember that we are legally obliged to keep invoices with your personal data for 5 years from the end of the financial year in which the tax obligation arose.
In the case of ordering data, you may not rectify the data after the order is delivered. You may neither object to data processing or demand erasure of your data until the limitation period for claims under the agreement concluded expires. Similarly, you may not object to data processing or demand erasure of your data included in invoices. However, when the limitation period for claims under the agreement concluded expires, you may object to our processing of your personal data for statistical purposes and demand erasure of your data from our database.
You also have the right to transfer your ordering data, as referred to in Article 20 of the GDPR.
Newsletter. If you want to subscribe to our newsletter, you need to provide us with your e-mail address using a newsletter subscription form.
The data you provide when subscribing to the newsletter will be used for sending you our newsletter and the legal basis for the processing of such data is your consent (Article 6(1)(a) of the GDPR) expressed when subscribing.
The data are processed in the SeninBlue.com mailing system and kept on a server hosted by SendinBlue.com
The data shall be processed until the newsletter is terminated unless you unsubscribe from it earlier, which shall result in the erasure of your data from the database.
You may rectify your data recorded in the newsletter database and demand their erasure by unsubscribing from the newsletter. You also have the right to transfer your data, as referred to in Article 20 of the GDPR.
Complaints and agreement withdrawa. When you file a complaint or withdraw from an agreement, you provide us with your personal data included in the content of your complaint or agreement withdrawal notice, which include your name, surname, residence address, phone number, e-mail number, bank account number.
The data you provide to us in relation to your complaint or agreement withdrawal shall be used to process the complaint or agreement withdrawal (Article 6(1)(c) of the GDPR).
The data shall be processed for a period necessary to process your complaint or agreement withdrawal. Tour complaints and agreement withdrawal notices may also be archived for statistical purposes.
In the case of data included in complaints and agreement withdrawal notices, you may not rectify the data. You may neither object to data processing or demand erasure of your data until the limitation period for claims under the agreement concluded expires. However, when the limitation period for claims under the agreement concluded expires, you may object to our processing of your personal data for statistical purposes and demand erasure of your data from our database.
E-mail contact. When contacting us by e-mail, including submission of a request using a contact form, you naturally provide us with your e-mail address as the address of the message sender. In addition, your message may include other personal data.
In such a case, your data shall be processed in order to contact you and the basis of such processing is Article 6(1)(a) of the GDPR, i.e. your consent resulting from initiating contact with us. The legal basis for processing after termination of our contact is justified purpose of archiving correspondence for internal purposes (Article 6(1)(c) of the GDPR).
The content of the correspondence may be archived and we are unable to say precisely when it would be erased. You have the right to demand a history of your correspondence with us (if it was subject to archiving) and to demand that it is erased unless its archiving is justified by our overriding interest, e.g. protection against potential claims from you.
Cookies and other tracking technologies
Cookies are small pieces of text information stored on your terminal device (e.g. computer, tablet, smartphone), which may be read by our IT system.
Cookies may be classified into proprietary and third-party cookies.
These are explained in more detail below.
Proprietary cookies. We use proprietary cookies in order to ensure proper website performance, in particular to ensure proper operation of store modules based on PrestaShop software.
Third-party cookies. Like most contemporary websites, our website uses features provided by third parties, which is related to the use of third-party cookies.The use of such cookies was described below.
When you use the website, requests are sent to the server that hosts the website. Every request sent to the server is recorded in server logs.
Logs include, among others, your IP address, server date and time, your browser and operating system information. The logs are recorded and stored on the server.
Data recorded in server logs are not associated to any specific website users and are not used by us to identify you.
Server logs are solely as an aid to administer the website and their content is not shared with anyone except for persons authorised to administer the server.