1. The Personal Data Administrator on the Online Store at: www.exito.site, hereinafter referred to as the Online Store, is Dariusz Światłoń conducting business activity under the company name “Dariusz Światłoń EXITO”, principal place of business: ul. Wojciecha Gersona 28, 30-818 Kraków, registered in the Polish Central Registration on Business (CEIDG) database, Tax ID (NIP): 9451869058, National Business Registry Number (REGON): 120218051, hereinafter referred to as the Administrator.
2. With respect to your rights as personal data subjects (i.e. people to whom the data relates) and with respect to the mandatory rules of law, including especially the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/WE (General Data Protection Regulation), hereinafter referred to as GDPR, the Polish personal data protection Act of 10 Mai 2018 (hereinafter referred to as the Act) and other relevant personal data protection laws, we commit to maintaining the safety and confidentiality of all personal data that you share with us. All our employees have been properly trained in personal data protection, and our company, as the Administrator, has introduced new security measures, as well as technical and organisational means, in order to ensure the highest possible level of personal data protection. We have introduced appropriate procedures and policies to process personal data in accordance with GDPR, so that personal data processing occurs lawfully and reliably and you, as the persons to whom the data relates, may execute all your relevant rights. Additionally, if needed, we cooperate with the regulatory body within the territory of the Republic of Poland, i.e. the President of the Data Protection Authority (hereinafter referred to as PDPA).
3. Our Online Store collects the following personal data:
a) name and surname – may be processed when as users of our Online Store (including customers or potential customers) you provide it to us via email, registration form, order form, contact form available in our Online Store, traditional mail or on phone contact, in to take advantage of the offer of our Online Store, as well as to properly address a shipment containing the product ordered by you and provide other services to you,
b) address of residence or correspondence - it is necessary for correct shipment of ordered Products; its indication is necessary if you make purchases in our Online Store,
c) phone number – may be processed in the case of phone contact from you (including as customers or potential customers), and also when you provide it to us via email, registration form, order form, contact form available in our Online Store or traditional mail, in order to enable us to contact you in the event of such a need in connection with the shipment of the Product ordered by you, as well as to answer questions related to the offer of our Online Store,
d) e-mail address – may be processed when as users of our Online Store (including customers or potential customers) you will provide it to us in the event of contact via email, registration form, order form or contact form available in our Online Store, as well as via traditional mail or by phone contact; by e-mail address we send you confirmation of the order, we contact you in the event of such a need related to the implementation of the contract, as well as we answer questions related to the offer of our Online Store; if you have consented to the transfer of marketing content and you subscribed to our newsletter, we will also send you commercial information several times a month,
e) Tax Identification Number - we collect the Tax Identification Number from entrepreneurs and persons who request an invoice and have a Tax Identification Number,
f) IP address of a device – the general information relating to the usage of Internet-based connections, such as IP addresses (and other information contained in the system logons) are used for technical reasons, and the IP addresses may also be used for statistical purposes, especially collecting general demographic data (e.g. about the region from which a connection is received),
g) other data may be collected within the scope of conducting other matters, or may be provided by you, as users of our website (also as clients and potential clients), via e-mail, traditional mail, contact form or via phone.
4. Provision of the data specified above is mandatory in the following circumstances:
a) in order to take advantage of the offer available in our Online Store by placing an order through the order form, including without the need to register (create) an account in the Online Store,
b) in order to send Products ordered by you in our Online Store,
c) in order to answer your questions and enable contact via email, contact form available in the Online Store, traditional mail or phone contact,
d) for voluntary registration - creating an account in our Online Store; in this case, we store the data you provide to facilitate the future use of our Online Store until you unregister (delete account) and to take advantage of privileges addressed to the registered customers,
e) in order to provide the service (subscription) of the newsletter - if you want to be informed about interesting events and commercial offers, you can become a subscriber to the newsletter we run; subscription is voluntary and you can unsubscribe at any time.
5. Our Online Store utilises the Cookies technology to match its functionality to your individual needs. Therefore, you can agree that the data and information you enter will be remembered so that you can use them the next time when you visit our Online Store without having to re-enter them. Owners of other websites will not have access to this data and information. If, however, you do not agree to personalisation of the Online Store, you may disable the Cookies in your Internet browsers.
7. As per the rule of minimisation, we only process the categories of personal data that are considered necessary to achieve purposes specified in the point 3 and 4 above.
8. We shall process the personal data only for however long it is necessary to achieve said purposes specified in the point 3 and 4 above. The personal data may be processed for a longer period of time only when the Administrator is required by the relevant mandatory rules of law to do so, by the legally justified interest of the Administrator, referred to in point 10c below (i.e. during the period of limitation of claims or termination of relevant proceedings, if they were instituted in the limitation period) or when the provided service is continuous.
9. The source of the personal data processed by the Administrator are the persons to whom the data relates.
10. The legal basis for processing your personal data is, first and foremost:
a) 6.1.b of the GDPR, i.e. processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, or
b) 6.1.c GDPR, i.e. indispensability to fulfill legal obligations incumbent on the Administrator, or
c) 6.1.f of the GDPR, i.e. legitimate interests pursued by the Administrator, such as determining, demanding, or defending claims, until they lapse or until the relevant proceedings are completed, if they were initiated within that period, or
d) 6.1.a of the GDPR, i.e. your consent to the processing of personal data for one or more specific purposes, when other legal bases for data processing are not applicable.
11. Your personal data shall not be shared with any third country or international organization, as per the GDPR. If the personal data is shared with a third country or international organization, you shall be duly informed thereof, and the Administrator shall utilise security measures, as per Chapter V of the GDPR.
12. No personal data is shared with any third parties without express consent of the person to whom the data relates. Personal data may be shared without the consent of the person to whom it relates only with legal public bodies, i.e. government and administrative bodies (e.g. tax offices, judicial authorities and other entities with a mandate stipulated by the relevant mandatory rules of law).
13. Personal data may be shared with entities that process the data on our request, i.e. on the request of the Administrator. In such cases, as the Administrator, we conclude a contract for personal data processing with such an entity. The processing entity processes the shared personal data solely for purposes specified in the aforementioned contract. Without sharing the personal data with such entities we would not be able to conduct our business activity in our Online Store. As the Administrator, we share the personal data for processing with the following entities:
a) providing hosting services for the Online Store,
b) providing postal, courier and transport services - in order to deliver ordered Products
c) providing other services to us, which are necessary for the proper functioning of the Online Store.
14. The personal data is not profiled by the Administrator, as per the GDPR.
15. According to the GDPR, each person whose personal data is being processed by the Administrator as the right to:
a) be informed of the processing of their personal data, as per art. 12 of the GDPR,
b) have access to their personal data, as per art. 15 of the GDPR,
c) correct or update the personal data, as per art. 16 of the GDPR,
d) delete the data (the right to be forgotten), as per art. 17 of the GDPR,
e) limit the processing, as per art. 18 of the GDPR,
f) transfer the data, as per art. 20 of the GDPR,
g) file a rejection to the processing of the personal data, as per art. 21 of the GDPR,
h) in the case of the legal basis referred to in point 10d above - the right to withdraw consent at any time without affecting the legality of the processing, which was made on the basis of consent before its withdrawal,
i) refuse profiling, as per art. 22 relating to art. 4.4 of the GDPR,
j) file a complaint to a regulatory body (i.e. to the President of the Data Protection Authority), as per art. 77 of the GDPR,
taking into account the rules of using and exercising these rights resulting from the provisions of the GDPR.
16. Should you wish to exercise any of your abovementioned rights, please use the appropriate tabs in the Online Store that allow you to delete your account and data collected in our Online Store or send a message by e-mail to an e-mail address or in writing to the correspondence address referred to in point 17 below.
17. Any questions, requests or complaints relating to personal data processing in our company (the Administrator), hereinafter referred to as Applications, should be sent to the following e-mail address: firstname.lastname@example.org, or in writing to the postal address of the Administrator: EXITO ul. Gersona 28, 30-818 Kraków, Poland.
18. The Application should clearly contain:
a) the data of the person or persons to whom the Application relates,
b) the event that the Application relates to,
c) the filed requests and their legal basis,
d) the desired means of solving the issue.
19. Each ascertained instance of security breach is documented, and should any of the events, as described by the GDPR or the Act, occur, the persons to whom the data relates, as well as the PDPA, if applicable, shall be informed of it.