I. PURPOSE AND SCOPE OF DATA COLLECTION
1. The personal data of the Service Users collected by the Administrator are used for accounting purposes, marketing purposes, contacting the Customer and other activities related to the performance of the Sales Agreement.
2. The Administrator processes the following personal data of the Customers:
a) Name and surname,
b) Address (street and house / flat number, zip code, city),
c) Telephone number,
d) E-mail address.
3. The Administrator may process the following data characterizing the way the Customer uses the services provided electronically (operational data):
a) Identification identifying the end of the telecommunications network or IT system used by the Service Recipient.
b) Information on the start, end and scope of each use by the Customer of the service provided electronically.
c) Information on the use by the Customer of services provided electronically.
4. Providing personal data referred to in point 2, it is necessary for the Service Provider to experience electronic services within the Store or conclude a Product Sales Agreement.
III. BASIS OF DATA PROCESSING
1. Using the Store, concluding agreements for the provision of electronic services via the Store or entering into Product Sales Agreements, which involves the necessity to provide personal data, is completely voluntary. The data subject individually decides whether he wants to start using the services provided electronically by the Service Provider or conclude a Product Sales Agreement in accordance with the Regulations.
2. Pursuant to the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, their processing is permitted, inter alia if:
(a) the data subject consents to it, unless it concerns the removal of data relating to him.
b) it is necessary for the performance of the contract if the data subject is a party to it or if it is necessary to take action before the conclusion of the contract at the request of the data subject.
3. The processing of personal data by the Administrator always takes place within the framework of the admissibility of their processing mentioned in point. 2. Data processing will be connected with the implementation of the contract or the need to take action before the conclusion of the contract at the request of the data subject (point 2 letter b). In addition, before entering into contracts for the provision of electronic services available through the Store, the future Customer is informed about the need to accept the Regulations.
IV. USER PERMISSIONS
1. The data subjects shall have the following rights:
1.1. The right to information about the processing of personal data – on the basis of the person submitting such a request, the Administrator provides information about the processing of personal data, primarily about the purposes and legal grounds of processing, the scope of data held, entities to which personal data are disclosed and the date of their removal ;
1.2. The right to obtain a copy of data – on this basis, the Administrator provides a copy of the data processed concerning the person making the request;
1.3. The right to rectification – on this basis, the Administrator removes any discrepancies or errors regarding personal data being processed, and completes or updates them if incomplete or has changed;
1.4. The right to delete data – on this basis you can request the deletion of data, the processing of which is no longer necessary to carry out any of the purposes for which they were collected;
1.5. The right to limit processing – on this basis, the Administrator ceases to conduct operations on personal data, except for operations agreed to by the data subject and their storage, in accordance with accepted retention rules, or until the reasons for limiting data processing (e.g. a decision of the supervisory authority will be issued, permitting further processing of data);
1.6. The right to data transfer – on this basis, to the extent to which data is processed in relation to the concluded contract or consent, the Administrator issues data provided by the person concerned in a format that allows them to be read by the computer. It is also possible to request that data to be sent to another entity – provided, however, that there are technical possibilities in this regard, both on the part of the Administrator and that other entity;
1.7. The right to object to the processing of data for marketing purposes – the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such objection;
1.8. The right to object to other purposes of data processing – the data subject may at any time object to the processing of personal data based on the justified interest of the Administrator (eg for analytical or statistical purposes or for reasons related to the protection of property). An objection in this respect should include justification and is subject to the Administrator’s assessment;
1.9. The right to withdraw consent – if the data are processed on the basis of consent, the data subject has the right to withdraw it at any time, but this does not affect the lawfulness of the processing carried out prior to the withdrawal of the consent;
1.10 The right to complaint – in the event that the processing of personal data is found to violate the provisions of the GDPR or other provisions on the protection of personal data, the data subject may file a complaint to the President of the Office of Personal Data Protection.
2. An application for the exercise of the rights of data subjects may be submitted:
2.1. in writing to the following address: FH GABA Adam Chybiński ul. Leśna 3, 87-103 Brzoza Poland
2.2. by e-mail to the following address: firstname.lastname@example.org
3. The application should, if possible, precisely indicate what the request is for, i.e. in particular:
3.1. what permission the person submitting the application wants to use (eg the right to receive a copy of the data, the right to delete the data, etc.);
3.2. what processing the request concerns (eg using a specific service, activity on a specific website, receiving a newsletter containing commercial information to a specific email address, etc.);
3.3. what processing purposes the request is for (e.g. marketing goals, analytical goals, etc.).
1. The Store of the Service Provider uses “cookies”. The lack of changes in the browser settings on the part of the Client is tantamount to consenting to their use.
2. Installing “cookies” is necessary for the proper provision of services in the store. The “cookies” files contain information necessary for the proper functioning of the Store, in particular those requiring authorization.
3. The Store uses three types of “cookies”: “session”, “fixed” and “analytical”.
a) “Session” cookies are temporary files that are stored in the Customer’s end device until they log out (leave the Store).
b) “Persistent” cookie files are stored in the Customer’s terminal device for the time specified in the “cookie” file parameters or until they are removed by the Service Recipient.
c) “Analytical” cookies allow a better understanding of how the Customer interacts with the content of the Store, better organize its layout. “Analytical” “cookies” collect information about the manner of using the Store by the Customer, the type of website from which the Recipient was redirected, and the number of visits and time of the Customer’s visit to the Store. This information does not record specific Customer’s personal data, but it is used to develop statistics on the use of the Store.
4. The Client has the right to decide on the access of “cookies” to his computer by selecting them in the window of his browser. Detailed information about the possibilities and ways of handling “cookies” are available in the software (web browser) settings.
VI. FINAL PROVISIONS
1. The Administrator uses technical and organizational measures to ensure that personal data being processed is protected against hazards and categories of data protected, in particular, protects data against unauthorized access, being taken by an unauthorized person, processing in violation of applicable laws and changes, loss, damage or destruction .
2. The Service Provider shall make available appropriate technical measures to prevent the unauthorized persons from obtaining and modifying personal data sent electronically.
4. A customer who is a consumer has the right to use extrajudicial dispute resolution. For the purpose of an amicable settlement of a dispute, a consumer may, for example, file a complaint via the online platform ODR (Online Dispute Resolution), available at: http://ec.europa.eu/consumers/odr/