2. Words and phrases that were used in the definitions of the Regulations and beginning with a capital letter, have been used in this document and have the meaning given to them in the regulations of the online store, which is available on the store's website.
3. The administrator of personal data collected via the online store as defined in Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and repeal Directive 95/46 / EC (general regulation on data protection) of 27 April 2016 (Journal of Laws of the EU, No. 119, p. 1), hereinafter referred to as of the GDPR (here you can read the regulation chttp: / /eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679), is Małgorzata Czaplicka, running a business under the name Pig & Frog Małgorzata Czaplicka, entered in the Central Register and Information on Economic Activity, having the address of the place of the main activity and the address for delivery: ulica Grabowa 5, 05-126 Michałów-Grabina, Tin (NIP): 9511942363, REGON: 365382071, telephone number: +48 602 101 741, electronic mail: firstname.lastname@example.org, hereinafter referred to as the Seller.
4. Users' personal data are processed in accordance with the provisions on the protection of personal data and the Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
1. The online store administrator makes every effort to protect the privacy of Users and Customers of the online store and all data and information that has been obtained from them. With due diligence, it selects and applies technical protection measures, both programming and organizational, thus ensuring complete protection against disclosure, loss, destruction, unauthorized modification or processing in violation of applicable law.
2. The administrator informs that the online store uses a transmission protocol that ensures the security of data transmission on the internet, namely it has the SSL (Secure Socket Layer v3) protocol installed. It is a type of security consisting in coding data before they are sent from the Customer's browser and decoding after safely arriving at the store's server. Information sent from the server to the client is also encrypted, and after reaching the target, it is decoded.
3. Data collected by the Administrator are processed in accordance with the law, respecting the principles of fairness and transparency, are collected to the minimum necessary for the specified purposes and processed in accordance with them, not subjected to further processing incompatible with those purposes, adequate and correct content-related to the purpose and stored in a way that allows identification of data subjects. The period of data storage depends on the purpose of the processing and limited to the achievement of the assumed purpose.
5. The administrator has the right, as well as the statutory obligation to provide information about customers of an online store to public authorities, for example in connection with conducting proceedings for possible violations of law or third parties who submit such a request on the basis of applicable Polish law.
6. The use of services and tools made available as part of an online store, as well as providing personal data by the User is voluntary. However, their application may be necessary to conclude and execute a sales contract or contract for the provision of electronic services in an online store, thus their absence will prevent the conclusion of such a contract. The scope of data necessary to conclude the contract is indicated on the website of the online store and in the regulations of the online store.
Recipients of personal data of an online store
1. In order to ensure the proper operation of the online store, including for the implementation of sales contracts concluded, the Administrator uses the services of external entities. The administrator submits data only when it is necessary to perform a given purpose of personal data processing and only to the extent necessary to complete it.
2. Examples of recipients of personal data of online store customers are:
• carriers - in a situation where the Customer purchasing in the online store chooses the delivery method by courier,
• entities servicing electronic payments or by a payment card - the Administrator entrusts the Customer's personal data to the entity servicing a given payment to the extent necessary to perform the service,
• service providers supporting the work of the Administrator of an online store, eg a supplier of computer software for running an online store, a hoster,
• entities providing accounting / accounting services.
3. Recipients of data (external entities) process personal data on the basis of relevant entrustment contracts signed with the Administrator of the online store. These entities collect, process and store personal data in accordance with their regulations and privacy policies.
4. Processing personal data of Customers and Clients of the online store www.pigandfrog.com. The administrator entrusts to the following entities:
a) hosting company - in order to store data on the server where the online store is installed and to provide care and IT and technical support over the store's website,
b) courier company - in order to carry out orders for an online store and delivery of goods to the customer or for the delivery of goods to the customer,
c) electronic payment operator - in order to enable electronic payments and payment by means of a payment card for the ordered goods or for the purpose of making internet payments to the Seller,
d) marketing company - in order to position the website of the online store
e) accounting office - to settle the payment and issue an invoice / invoice for the ordered goods / service or to keep accounting and human resources documentation or to fulfill the obligation of tax and accounting settlements or to conduct business accounting for the owner of an online store,
Acquiring, collecting a goal, scope and processing activities
1. The administrator acquires information about Users, including by collecting server logs, IP addresses, software and hardware parameters, browsed pages, mobile device identification number and other data regarding devices and systems usage. The collection of the above information will take place in connection with the use of the online store. These data are not used by the Administrator in order to identify the User / Client.
2. Navigational data may also be collected from customers, including information about links and links or other activities undertaken in the online store in order to facilitate the use of services provided electronically and to improve the functionality of these services.
3. The Administrator reserves the right to filter and block messages sent via the internal system of messages, in particular if they are spam, contain illegal content or otherwise threaten the security of the Users of the online store.
4. As part of the online store, the Administrator processes personal data of clients for the following purposes:
• take action before concluding the contract at the customer's request; ensuring full service of the store user including setting up and managing the account / accounts, contacting Users via e-mail in response to queries sent,
• provision of services that do not require the creation of an account and purchase of goods, i.e. browsing the websites of an online store, servicing the goods search engine, monitoring the activity of all users and specific Users,
• performance of a sales agreement or contract for the provision of Services by electronic means,
• facilitating the use of the online store and ensuring the IT security of the online store,
• establishing, investigating and enforcing claims and defending against claims in court proceedings and other enforcement organs,
• considering complaints, complaints and requests, and answers to questions,
• marketing and advertising related to the preparation of the service offer,
• Newsletter shipping.
5. The Administrator informs that the Customer collects, processes and stores the following data: name and surname, e-mail address (e-mail address), contact telephone number to deliver the order by courier, delivery address (street, house number, apartment number) , postal code, city, country), address of residence / business / registered office (if different from the delivery address).
In the case of Clients or Customers who are not Consumers, the Administrator may additionally process such data as: company name and tax identification number (NIP) of the Customer or the Customer.
CONTACT WITH THE CLIENT
7. The basis for data processing in connection with customer service, which includes contact with the customer in order to answer the query via e-mail, is art. 6 par. 1 lit. and GDPR or consent for processing. If a contract is concluded after the contact, the data will be processed pursuant to Article 6 paragraph 1 letter b of of the GDPR. The legal basis for the processing after the eventual termination of contact will be a justified purpose in the form of archiving correspondence for the purpose of showing its course in the future (pursuant to Article 6 paragraph 1 point f of the GDPR).
REGISTRATION OF ACCOUNT
8. Data of the User who, when creating an account will register in the online store, will be collected on the basis of the consent for processing (Article 6 paragraph 1 point a and GDPR). When the User decides to conclude the contract, the data will be processed on the basis of art. 6 par. 1 lit. b of the GDPR.
EXECUTION OF THE CONTRACT
10. By placing an order online store, the Customer provides personal data that is used to perform the contract, i.e. in connection with the implementation of the contract (art.6 item 1 letter b of of the GDPR), invoice and other activities related to tax law (art. 6 (1) (c). For archival and statistical purposes, the data will be processed on the basis of the justified interest of the Administrator (Article 6 (1) letter f of the GDPR).
11. The basis for the processing of data to establish, assert or defend claims that may be raised by the Administrator or which may be raised against the Administrator is Art. 6 par. 1 lit. f GDPR.
12. Data about orders will be processed for the time necessary to perform the contract, and then until the expiry of the period of limitation of claims under the contract. In addition, after this date, the data can still be processed for statistical purposes.
13. As part of the functionality on the website of the online store, the newsletter service is available. The data provided in connection with the subscription to the Newsletter are used only for the sending of the newsletter, based on the expressed consent (pursuant to Article 6 paragraph 1 point a of the GDPR).
14. The voluntary consent to send a newsletter or commercial information may be withdrawn at any time at the request of the Customer / User who will be sent via e-mail. The administrator, upon receipt of such a request - immediately, no later than within 48 hours from the moment of receiving information about the withdrawal of consent, deletes the Customer / User data from the contact database, which is used to provide commercial information by electronic means.
15. As part of the newsletter service, you can correct your data stored in the database at any time, request their removal, resign from receiving the newsletter and also use the right to transfer the data referred to in Article. 20 GDPR.
16. Plug-ins and other social tools provided by social networking sites such as Facebook or Instagram are installed on the www.pigandfrog.com online store. When viewing the website of the store where the plug-in has been placed, the User's browser will establish a direct connection to the Facebook or Instagram servers. The content of the plugin is provided by the given Service Provider directly to the User's browser and integrated with the website. This integration enables the Service Provider to receive information that the User's browser has viewed the website of the online store www.pigandfrog.com even if the User does not have a profile with the Service Provider or is not currently logged in to him. If the User is logged in to one of the social networking sites, then the Service Provider will be able to directly assign a visit to the Website to a given profile in a given social network.
Rights of data subjects
1. The GDPR grants the Clients / Users the rights in question, their list is given below. They are provided without any reason, but they are not absolute and will not be entitled to any processing of personal data. In a situation where the Client / User will want to fulfill any of his rights, he may at any time send a declaration of will to the e-mail address of the online store or the address of the Administrator's office.
I. The right of access to data implemented on the basis of art. 15 of the GDPR.
The Customer / User may report to the Administrator at any time to confirm whether his data is being processed, and if this is the case, the Customer has the right to:
• to gain access to personal data,
• to receive information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of the data, the planned period of customer / user data storage or criteria for determining this period (when it is not possible to determine the planned data processing period), about the rights The Client / User under the GDPR (when it is not possible to determine the planned data processing period), the rights of the Customer under the GDPR and the right to lodge a complaint to the supervisory authority, the source of such data, automated decision making, including profiling and safeguards applied in connection with the transfer of these data outside the European Union,
• to obtain a copy of your personal data.
II. The right to rectify data implemented on the basis of art. 16 of the GDPR.
The Customer / User has the right to request the Administrator to rectify his personal data immediately, which is incorrect. He also has the right to request supplementing his personal data. To correct or supplement your personal data, please send information to the e-mail address of the online store.
III. The right to delete data ("the right to be forgotten") - implemented on the basis of art. 17 of the GDPR.
a) the Customer / User may request the Administrator to delete all or some of his data,
b) The Customer / User has the right to request the deletion of his personal data if:
• personal data are no longer necessary for the purposes for which they were collected or processed,
• withdrew a specific consent to the extent to which personal data was processed based on the consent of the Client / User,
• objected to the use of their data for marketing purposes,
• personal data was processed unlawfully,
• personal data must be removed in order to comply with the legal obligation provided for by Union law or the law of the Member State to which the Administrator falls;
• personal data has been collected in connection with offering information society services
c) despite the Customer / User requesting the deletion of personal data in connection with opposition or withdrawal of consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, assert or defend claims, as well as to comply with legal obligations an obligation that requires processing under Union law or the law of the Member State to which the Administrator falls,
d) deletion of personal data or cessation of processing by the Administrator may result in the inability to provide services provided via the online store or limiting the possibility of using the functionality of the online store.
IV. Expressing consent to the processing of personal data and the right to withdraw consent based on art. 7. paragraph 3 GDPR
a) the Customer / User accepting the statements placed by the Administrator in an interactive form available on the online store, consents to the processing of their data for specific purposes,
b) the Customer / User has the possibility to consent to the processing of his data for additional purposes by accepting optional statements proposed in the forms available on the online store website,
c) the Customer has the right to withdraw any consent he gave to the Administrator, withdrawal of consent will have effect from the moment of withdrawal of consent,
d) withdrawal of consent will not result in any negative consequences for the client, but may prevent further use of services or functionality that the Administrator may provide according to the law only with consent,
e) withdrawal of consent does not affect the processing of personal data carried out by the Administrator in accordance with the law before its withdrawal.
V. The right to object to data processing carried out pursuant to art. 21 of the GDPR
a) the Customer / User has the right to object at any time for reasons related to his special situation in relation to the processing of his personal data, including profiling, if the Administrator processes personal data based on a legitimate interest,
b) sent by the Customer / User in the form of an e-mail message, resignation from receiving marketing information about products and services means the Customer / User's objection to the processing of his data, including profiling these purposes,
c) if the Administrator has no other legal basis allowing for the processing of the Client / User's data and the objection raised, the legitimate personal data to which the objection was raised will be removed.
VI. The right to submit a request to limit the processing of personal data carried out on the basis of art. 18 GDPR
The Customer / User has the right to request the restriction of his personal data when:
a) questions the correctness of your personal data - the personal data administrator will limit the processing of your personal data in time to check the correctness of this data,
b) the processing of personal data of the Client / User is unlawful, and instead of deleting personal data, the Customer / User requests the restriction of the processing of his personal data,
c) the personal data of the Customer / User ceased to be needed for processing purposes, but they are needed to establish, assert or defend the claims of the Customer / User,
d) when the Client / User has objected to the processing of his personal data - then the processing limit is limited until it is determined whether the legitimate interests of the Administrator of personal data override the grounds indicated in the objection of the Client / User.
VII. The right to request the transfer of personal data (Article 20 of of the GDPR)
The Customer / User has the right to receive from the Administrator his personal data in a structured, commonly used machine-readable format and to transfer them to another Administrator of personal data.
The Customer / User also has the right to request that the Administrator of personal data directly send the personal data of the Client / User to another Administrator (if it is technically possible).
VIII. The Customer also has the right to lodge a complaint to the President of the Office for Personal Data Protection in the scope of violation of his rights to the protection of personal data or other rights granted under the GDPR.
1. The Administrator, as part of running an online store, may use profiling for purposes related to direct marketing, i.e. sending a rebate code or rebate to a given person, reminding about unfinished purchases, displaying a specific advertisement based on his previous activity on the store website, submitting proposals a product which may correspond to the preferences or interests of a given person.
2. Despite using the profiling by the Administrator, however, the final, free decision regarding, for example, taking advantage of the proposed discount and making a purchase in a given online store is taken by the given Person.
3. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling and causes legal effects or similar affects with that Person.
Cookies policy, operational data and analytics
1. The online store uses small files called cookies, they are saved and stored on the computer or other end device of the Shop Users and Customers if the web browser allows it. Cookies usually contain the name of the domain from which they originate, their storage time on the Device and the assigned value.
2. Cookies are used to optimize the process of using the store's website in order to collect statistical data that allow to identify the use of Users from the online store website, which allows improving the structure of the online store. They are also necessary to maintain the client's session after leaving the online store.
3. The administrator uses two types of cookies:
a) session cookies (temporary): they are stored on the Customer's end device and remain there until the end of the browser session. The saved information is then permanently deleted from the device's memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the Customer's device,
b) permanent cookies: they are stored on the Customer's device and remain there until they are deleted. Ending the session of a given browser or turning off the device does not delete them from the client's device. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the Customer's device.
4. The service administrator uses external cookies in order to:
a)collecting general and anonymous static data via analytical tools: Google Analytics (cookie administrator is Google Inc. with its registered office in the United States),
b) popularizing the online store using the social networking website www.facebook.com (administrator of external cookies: Facebook Inc. with its registered office in the USA or Facebook Ireland based in Ireland).
5. The administrator uses the Google Analitycs tracking code to analyze the statistics of the online store's website; Detailed information about Google Analytics can be found at https://support.google.com/analytics/answer/6004245.
6. The Customer may change the cookie settings at any time using the web browser he uses, including the possibility of blocking the collection of cookies. Such action may make it difficult or impossible to use the services and tools of the online store, including making it impossible to place an order.
7. If the Customer decides that he does not agree to the use of cookie peaks for the purposes described above, he may delete them manually at any time. Detailed instructions on how to proceed and information about cookies are included in the browser's help menu, which is currently used by the client. Examples of Internet browsers that support these cookies are: Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, Microsoft Edge.
8. Some third party entities operating as part of an online store allow Users to withdraw their consent to collect and use data for advertising purposes based on customer activity. More information on this topic and the option of making a choice can be found, for example, on the website: www.youronlinechoices.com. Sharing Google Analytics with activity information on the online store's website can be blocked by means of the share provided by Google Inc. the browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=en.