1. General provisions
1.2. The policy defines the rules of the collection and processing of personal data collected by the administrator both during the use of the shop’s functionality and at the stage preceding the conclusion of the contract for the provision of services by email, including the case of making purchases without setting up an account and in the case of subscribing to the newsletter.
1.3. The policy also applies to the processing by the administrator of personal data of persons observing the administrator’s profile on the portals Facebook, Instagram, Youtube, as well as in the case of the processing of personal data obtained by the administrator during the conclusion of contracts and performing actions before the conclusion of contracts in services that mediate the sale of goods offered by the Administrator, such as allegro.pl.
2. Personal data Administrator
The administrator of personal data is Svitlana Sapunova, conducting business under the name “JOLLY-HEAP” Svitlana Sapunova with its registered office in Rzeplin, Aleja Led 4, 55-020 Rzeplin, NIP: 8992772832, REGON: 362440030. Other contact details of the Administrator are e-mail: email@example.com, Tel.: +48 575 935 005.
3. Legal basis for the processing of personal data
3.1. Your personal data are processed in accordance with regulation 2016/679 of the European Parliament and of the European Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as RODO).
3.2. The legal basis for the processing of your personal data by the administrator is:
a) your personal consent (article 6 (1) let. a RODO);
b) the necessity to implement the agreements concluded by you and the administrator, as well as to take action before the conclusion of these agreements at your request (article 6 (1) let. b RODO);
c) the processing is necessary to fulfil the legal obligation incumbent on the administrator (article 6 (1) let. c RODO).
3.3. Your submission of personal data according to point a and b is voluntary, however, refusal to provide the data will prevent you from using the shop, including making purchases and using other services provided online by the administrator.
3.4. Your personal data may be processed relatively to a legitimate interest of the administrator for the purpose of securing and pursuing claims, as well as for the purpose of direct marketing of services provided by the administrator, e.g. via a newsletter (article 6 (1) let. f RODO).
4. Purposes and scope of the processing of personal data
4.1. The personal data provided by You will be processed:
a) for the purpose and to the extent necessary for the conclusion and performance of the contract,
b) in order to fulfil the legal obligation incumbent on the administrator (arising, for example, from accounting and tax legislation),
c) for purposes arising from legitimate interests pursued by the administrator (i.e. securing and pursuing claims, marketing of own products and services).
4.2. In connection with the above purposes of data processing, the administrator will particularly process the following personal data of Yours: name, address, e-mail, telephone number, as well as other data resulting from your profile in the social network through which you contact the administrator. The administrator will also process data such as cookies and IP number.
4.3. During the conclusion of contracts and performing actions before the conclusion of contracts of intermediary services for the sale of goods offered by the administrator, such as allegro.pl., the administrator may process the necessary for the performance of the sales’ contract data provided through the given internet portal.
4.4. When using the login or registration to the shop using the option “log in with Google” or “log in with Facebook”, the administrator may process your following data: name, surname and email address.
5. Personal data sharing
5.1. Your personal data will be disclosed to the competent state authorities or to third parties if such obligation arises under generally applicable law.
5.2. The administrator in order to perform properly the provided services may disclose your personal data, depending on the chosen method of delivery of the order and the method of payment, to the selected carrier or intermediary carrying out shipments on behalf of the administrator for the purpose of delivery, as well as to the operator handling electronic payments or card payments, to the bank, holding the administrator’s bank account, in order to enable you to make payment for the order. The administrator may also disclose your personal data to the accounting office, as well as to the hosting service providers and IT operators who maintain the shop.
5.3. The administrator processes personal data coming directly from You (persons which are the data subjects).
5.4. Data may, in some cases, can be transferred to recipients outside the European Economic Area, i.e. to Google LLC based on the appropriate legal guarantees, which appear as standard contractual clauses of personal data protection, approved by the European Commission.
6. Data protection
6.1. The administrator is obliged to protect your data collected during the use of the shop in accordance with the applicable regulations and in accordance with the highest standards of security and data protection.
6.2. The administrator ensures the security of personal data by implementing appropriate technical and organizational measures to prevent unlawful processing of data and their accidental loss, destruction and damage. The Administrator takes all possible measures to ensure that personal data is:
a) correct and processed in accordance with the law,
b) obtained only for specific purposes and not further processed in a way incompatible with those purposes,
c) adequate, appropriate and not excessive
d) accurate and actual
e) not stored longer than necessary,
f) processed in accordance with the rights of the persons concerned, including the right to object the sharing,
g) stored safely,
h) not transferred without adequate protection.
6.3. Collected personal data are protected from access by third parties. Only persons authorized by the administrator, educated in the field of personal data protection and obliged to keep your personal data confidential are allowed to process your personal data.
6.4. Personal data collected for the purpose of concluding or executing a contract and fulfilling a legal obligation by the administrator shall be stored for the period necessary for: (1) securing or investigating possible claims arising from the contract, (2) executing the contract (e.g. processing complaints), (3) fulfilling a legal obligation imposed on the administrator (e.g. arising from accounting and tax legislation). Personal data processed for marketing purposes, including the provision of a newsletter service and for purposes other than those listed above, will be processed until the previously expressed consent to their processing for this purpose is withdrawn or until an objection is raised.
7.1. You have the right to request from the administrator the access to your personal data, denial, deleting or restriction of processing, the right to transfer data and to object to the processing, as well as the right to transfer data. You have the right to revoke your prior consent to the processing of your personal data at any time.
7.2. You have the right to obtain the following information from the administrator about:
a) the purpose, scope and way of processing of your personal data,
b) from what moment your data are processed,
(c) the source of your data origin,
(d) the recipients or categories of recipients to whom the data are made available.
7.3. In addition, at your request, the administrator will fulfill, update and correct your personal data, as well as suspend (temporarily or permanently) their processing or delete them if your data prove to be incomplete, outdated, untrue or were collected in violation of the law or are no longer necessary to achieve the purpose for which they were collected.
7.4. In addition, if the administrator processes your data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of such marketing activity, including profiling, to the extent that the processing is related to such direct marketing. In order to take advantage of the entitlements referred to in this paragraph, a request to the administrator shall be made to the e-mail address referred to in paragraph 2.
7.5. You have the right to lodge a complaint with the supervisory authority if you consider that the processing of your personal data violates applicable law.
8.2. Cookies are information that is sent by a server and stored on your device (e.g. your computer’s hard drive or your phone’s memory).
8.3. The data obtained by using cookies does not allow to identify you but allows the administrator to determine whether the application was visited using a particular device (which is not uniquely with information about who visited the application) and what preferences did the user have at that time (what interested him most in the application).
8.4. The Administrator uses internal cookies:
a) to ensure the proper functioning of the application,
b) to keep statistics
c) to adapt the store to your preferences.
8.5. The administrator can place both permanent and temporary files on your device.
8.6. Temporary files are usually deleted when the browser is closed, while permanent files are not deleted when the browser is closed.
8.7. Temporary files are used to identify the user as a logged in.
8.8. Permanent files are files that provide specific functionality not only during a given session, but for the entire duration of their storage on the device. For example, permanent files are used to collect information about how the shop is used, including data concerning the subpages visited by the user and possible errors or to check the effectiveness of the shop’s ads.
8.10. You may delete cookies left by the shop from your device in accordance with the manufacturer’s instructions of your web browser at any time.
8.11. It is also possible to block cookies from accessing your device by configuring your browser, but then the shop may not function properly.
8.12. The administrator uses a server that automatically stores logs in the server system information about the device that you use when connecting to the store for the purpose of analyzing the work of the information system, i.e. the type of device and browser you use, your computer’s IP, date and time of entry, a textual description of the event, event qualification.
8.13. Log files shall only be accessed to persons authorized to administer the IT system. Log files can be used to compile statistics on the assessment of traffic of the application and the occurrence of errors that make it impossible to identify you.
9. Final provisions