1 This document sets out the rules for the processing and protection of the personal data of the Customers of the Internet Store available at www.awih.pl.
(2) The owner of the Online Store and the administrator of the personal data of the Customers – natural persons – and users to whom the data pertains is AWIH Zbigniew Zieliński with its registered seat in Opacz Kolonia, ul. Rice Street 96A, NIP: 1130061093, tel. 501256996, email: firstname.lastname@example.org hereinafter referred to as the Administrator and being at the same time the Seller.
(3) Personal data collected by the Administrator through the Online Store shall be processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free flow of such data and the repeal of Directive 95/46/EC (Official Journal of the EU.L No. 119, p. 1) (General Data Protection Regulation, RODO) and others currently in force, i.e. for the entire period of processing of certain data, the provisions of the data protection law. Personal data means information about an identified or identifiable natural person (hereinafter referred to as Personal Data). An identifiable natural person is one who can be identified directly or indirectly, in particular by an identifier such as a name, an identification number, an online identifier, location data, one or more specific factors that determine the physical, genetic, mental, economic, cultural or social identity of the natural person.
(4) The Administrator shall take special care to respect the privacy of Customers visiting its Online Store.
§ 1 Type of data processed, purposes and legal basis
(1) The Administrator shall collect information concerning natural persons performing a legal action not directly related to their activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to which the law grants legal capacity, conducting business or professional activity on their own behalf, hereinafter referred to as Clients.
(2) The purposes of the Administrator’s processing of Customers’ Personal Data are, in particular:
a) registering an account with the Online Store, in order to create and manage an individual account. Legal basis – necessary for the performance of the contract for the provision of the Account service – Art. 6 paragraph. 1(b) RODO;
b) placing an order on the Online Store, for the purpose of executing the sales contract. Legal basis – necessary for the execution of the sales contract – art. 6 paragraph. 1(b) RODO;
(c) Newsletter subscription, in order to perform a contract the subject of which is a service provided electronically. Legal basis – consent of the data subject to perform the Newsletter service contract – Art. 6 paragraph. 1(a) RODO.
(3) When registering an account for the Newsletter service in the Online Store, the Customer shall provide the following data:
(a) e-mail address.
(4) When placing an order on the Online Store, the Customer shall provide the following data:
(a) e-mail address;
(b) address data: postal code and city, country, street, house/flat number;
(d) telephone number.
5 Entrepreneurs shall provide the above data and in addition:
(a) Entrepreneur’s company name;
(b) Tax ID number.
(6) When using the Newsletter service, the Customer shall provide data:
(a) e-mail address;
(b) telephone number.
(7) When using the Online Store, additional information may also be collected, including: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain, browser type, access time, type of operating system.
(8) Navigation data may also be collected from Customers, including information about the links and references they choose to click on or other activities performed on our Online Store. Legal basis – legitimate interest – Art. 6 paragraph. 1(f) of the RODO, enabling better use of the services provided electronically.
(9) For the purpose of determining, investigation and enforcement of claims may also be processed, some personal data provided by the Customer in the use of functionality, including but not limited to: name, surname, data on the use of services, if claims arise from the manner in which the Customer uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – legitimate interest – Art. 6 paragraph. 1(f) of the RODO, consisting in the establishment, investigation and enforcement of claims, as well as the defense against claims in proceedings before courts and other state authorities.
(10) Personal data collected by the Administrator are provided to him/her voluntarily, in connection with the conclusion of sales agreements, or the provision of services through the Internet Store, with the proviso that failure to provide the data specified in the forms in the Registration process prevents the Registration and creation of a Customer Account, and in the situation of placing an order without the Registration of a Customer Account, will prevent the placement and processing of the order.
§ 2 To whom we may transfer your data and how long they are kept
(1) The catalog of recipients of Personal Data processed by the Administrator is primarily based on the scope of services used by the Customer. The Customer’s personal data is transferred to the service providers used by the Administrator in the operation of the Online Store. The Administrator’s service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, are subject to the Administrator’s instructions as to the purposes and means of processing such data – processors – or independently determine the purposes and means of processing – controllers.
(a) Processors – The Administrator uses suppliers who process personal data only at the Administrator’s direction and these include providers of hosting or ICT services, accounting services, providers of marketing systems, systems for analyzing traffic on the Online Store, systems for analyzing the effectiveness of marketing campaigns, companies that perform marketing campaigns, companies that service software.
(b) Administrators – The Administrator also uses suppliers who do not act solely on its instructions and determine themselves the purposes and uses of Customers’ personal data. They provide electronic payment and banking services.
2 Location – Service Providers are based in Poland and other countries in the European Economic Area (EEA).
(3) Customers’ personal data are stored:
(a) Where the basis for processing of personal data is the consent provided, the Customer’s personal data shall be processed by the Administrator until the consent is revoked. After it is revoked, personal data is kept for a period corresponding to the statute of limitations for claims that the Administrator may raise and that may be raised against him. Unless a special provision provides otherwise, the statute of limitations is 10 years, and for claims for periodic benefits and claims related to the conduct of business 3 years.
(b) When the basis for data processing is the performance of a contract, then the Customer’s personal data is processed by the Administrator as long as it is necessary for the performance of the contract. After this time, personal data are processed for a period corresponding to the period of the statute of limitations for claims. Unless specifically provided otherwise, the statute of limitations is 10 years, for claims for periodic benefits and claims related to the conduct of business 3 years.
(4) In the situation of making a purchase in the Online Store, personal data may be transferred, depending on the choice of the Customer, to the following entities, in order to deliver the products ordered in the Online Store: courier company GLS
(5) If a Customer of the Online Store chooses to pay through the payment system PayPal Express located at L-1150 in Luxembourg , his/her personal data are transferred to the extent necessary for payment processing.
(6) Navigational personal data may be used to provide better service to customers, analyze statistical data and customize the Online Store to customers’ preferences and to administer the Online Store.
(7) If the Customer chooses the Newsletter subscription service, the Administrator will send information to his e-mail address or SMS messages to his cell phone, containing commercial information about promotions, discounts, new products available in his Online Store.
(8) In the event of a request to the Administrator to provide access to data, the Administrator will provide access to personal data to authorized state authorities, in particular to organizational units of the Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.
§ 3 Cookies and IP addresses
(1) The cookies used by the Administrator are primarily used to optimize the service of visitors during the use of the Online Store, and provide the possibility of developing statistics on visits to the presented products in the Online Store. These files are saved by the Administrator on the final device of the person visiting the Online Store, if the Internet browser allows it. Cookies usually contain the name of the domain from which they originated, their “expiration time” and an individual random number identifying them.
2 Two types of cookies are used:
a) Session cookies – when the browser session ends or the computer is turned off, the stored information is deleted from the device’s memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from Customers’ computers;
b) Persistent cookies – are stored in the memory of the Customer’s terminal device and remain until deleted or expired. The mechanism of persistent cookies does not allow the collection of any personal data and any confidential information from the Customers’ computer.
(3) The administrator uses proprietary cookies for:
a) to authenticate the Customer in the Online Store and provide the Customer with a Customer session after logging into the Customer Account;
b) anonymous statistics and analysis that help to understand how customers use the Online Store.
4 The administrator uses external cookies for:
(a) collection of statistical data via Google Analytics tools – administrator of external cookies: Google Inc. based in the US;
(b) presentation of advertisements from the Google AdSense service – administrator of external cookies: Google Inc. based in the USA;
(c) promotion of the Online Store on Facebook.com – administrator of external cookies: Facebook Inc. based in the USA or Facebook Ireland based in Ireland;
5 The mechanism of cookies is completely safe for the computers of Customers of the Online Store. The customer can independently and at any time change the settings for cookies, specifying the conditions for storing and accessing cookies on his device. The customer can change the settings in question using the settings of his/her Internet browser. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the settings of the Internet browser or inform about each time cookies are placed on the Client’s Device. Detailed information about the possibility and methods of handling cookies is available in the settings of your web browser. Blocking cookies may affect, some of the functionality available on the Online Store.
6 The Administrator may collect IP addresses of Customers. An IP address is a number assigned to the computer of a person visiting the Online Store by an Internet Service Provider. The IP address is used by the Administrator in diagnosing technical problems with the server, creating statistical analysis and improving the Online Store.
7 The Online Store contains links and references to other websites on the Internet and the Administrator is not responsible for the privacy policies of these websites.
§ 4 Rights and obligations of the person to whom the Personal Data relates
1. right to withdraw consent – legal basis Art. 7 paragraph. 3 RODO.
(a) The customer has the right to revoke any consent he/she has given to the Administrator.
(b) Withdrawal of consent has effect from the moment of withdrawal of consent.
(c) Withdrawal of consent does not generally affect the processing performed by the Administrator in accordance with the law before its withdrawal.
d) Withdrawal of consent does not cause any negative consequences for the Customer of the Online Store, but may prevent further use of services or functionalities that can only be provided with consent.
2 The right to object to data processing – legal basis Art. 21 RODO.
a) The Customer has the right at any time to object to the processing of his/her personal data, including profiling, if the Administrator processes his/her data based on legitimate interests, such as marketing of products and services, keeping statistics on the use of particular functionalities of the Online Store and facilitating the use of the Online Store, and customer satisfaction surveys.
b) Opting out of receiving commercial messages regarding products or services sent via e-mail will be the Customer’s objection to the processing of his/her personal data, including profiling for these purposes.
(c) If the Customer’s objection proves to be valid and the Administrator has no other legal basis for processing the personal data, the Customer’s data will be deleted, against the processing of which, the Customer has raised this objection.
3. right to erasure, right to be forgotten – legal basis Art. 17 RODO.
(a) The customer has the right to send a request for deletion of all, or some, personal data.
(b) The customer has the right to request deletion of personal data if:
a. personal data are no longer necessary for the purposes for which they were collected or for which they were processed;
b. The customer has withdrawn consent, to the extent that the customer’s data was processed based on the customer’s consent;
c. has objected to the use of his or her data for commercial or marketing purposes;
d. Personal data is processed illegally;
e. personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State to which the Administrator is subject;
f. personal data was collected in connection with offering information society services.
(c) Despite a request for erasure of personal data, due to the filing of an objection or withdrawal of consent, the Administrator may retain, some personal data to the extent that the processing is necessary to establish, assert or defend claims, as well as to comply with a legal obligation requiring processing under Union law or the law of the Member State to which it is subject.
4 The right to restrict data processing – legal basis Art. 18 RODO.
(a) A customer of the Online Store has the right to request restriction of processing of his/her data. Submitting such a request prevents the use of certain functionalities or services, the use of which will involve the processing of the data covered by the request.
(b) A customer of the Online Store has the right to request a restriction on the use of personal data in the following situations:
a. with the inconsistency of their personal data, then the Administrator shall limit their use for the time necessary to verify the accuracy of such data;
b. when the processing of data is unlawful, and the Customer does not request deletion but restriction of use;
c. When the Customer’s personal data is no longer necessary for the purposes for which it was collected or used but is needed by the Customer to establish, assert or defend claims;
d. when he or she has objected to the use of his or her data, then the restriction shall be for the time necessary to consider whether, due to the particular situation, the protection of the Client’s interests, rights and freedoms outweighs the interests pursued by the Administrator in processing the Client’s data.
5 Right of access to data, legal basis Art. 15 RODO.
a) The Customer has the right to obtain confirmation from the Administrator as to whether it is processing his/her personal data, and if so, the Customer has the right:
a. gain access to your personal information;
b. obtain information about the purposes of the processing and the recipients or categories of recipients of this data, the intended period of data storage or the criteria for determining this period, the Customer’s rights under the RODO and the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of this data outside the European Union;
c. obtain a copy of your personal data.
6 The right to rectification of data – legal basis Art. 16 RODO.
(a) The customer has the right to request from the Administrator the immediate rectification of his personal data that is incorrect. Taking into account the purposes of processing, the Customer has the right to request completion of incomplete personal data, including by providing an additional statement, by sending an e-mail to the Administrator’s e-mail address.
7 The right to data portability – legal basis Art. 20 RODO.
a) The customer has the right to receive his/her data, which he/she provided to the Administrator, and then send it to another personal data controller of his/her choice. A customer of the Online Store also has the right to request that the indicated personal data be sent by the Administrator directly to such an administrator, if technically possible. In this situation, the Administrator will send such customer data in CSV file format, which is a commonly used format.
(8) In the event of a request by the Customer for the fulfillment of his above rights, the Administrator shall have the right to fulfill or deny it, and will do so immediately.
(9) The customer has the right to report to the Administrator complaints, inquiries and requests regarding the processing of his personal data and the exercise of his rights.
(10) The customer has the right to request the Administrator to provide copies of the standard contractual clauses by sending a request to the Administrator’s e-mail address.
(11) The Customer shall have the right to lodge a complaint with the President of the Office for Personal Data Protection regarding violation of his/her data protection rights or other rights granted under the RODO.
§ 5 Security of Personal Data
(1) The Administrator declares that it makes every effort to ensure a high level of security for customers in the use of the Online Store and to this end:
a) apply the technical and organizational measures required by law, in particular with regard to the security of the processing of Personal Data;
(b) apply measures to ensure the ability to continuously ensure the confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to quickly restore availability of and access to Personal Data in the event of a physical or technical incident;
d) provides the Customers of the Online Store with a secure and encrypted connection when transferring personal data and when logging into the Customer Account, using an SSL certificate.
(2) Any incidents affecting the security of the transmission of information, personal data, including the suspicion of sharing files containing viruses, should be reported to the Administrator by e-mail to: email@example.com
§ 6 Final provisions