Since May 25, 2018. the Member States of the EU are changing the requirements for the processing of personal data. The introduction of RODO implies, firstly, the need to adjust the legislation for the development of technology, and secondly, the need to introduce uniform rules for the protection of personal data in all countries of the European Union.
RODO is a Regulation of the European Parliament and of the Council (EU) nr 2016/679 from date of 27 April 2016 concerning the protection of individuals in connection with the processing of personal data and the free movement of such data (or the General rules and regulations on the protection of personal data – RODO).
The scope of the document
This notification explains how “JollyHeap” Svitlana Sapunova processes personal data of clients as a part of its activities in the field of cooperation and documentation under current legislation.
1. The personal data Administrator
The personal data Administrator of is” JollyHeap ” Svitlana Sapunova, NIP 8992772832, the owner of the website available at https://shop.jollyheap.com/ (next: Website)
2. The Data Protection Inspector
The Administrator has not appointed a Data Protection Inspector
3. Source and method of data collection
Personal data is collected on the basis of information provided by the User during the process of providing information and sending contact messages, as well as through the automatic collection of cookies during the visit to the website https://shop.jollyheap.com/
4. Purpose, basis and terms of personal data processing:
4.1 We process this data for the purposes described in our policy in order to respond to the contact form sent by you through our website.
4.2 Preparation and signing of the contract (offer or order) and taking measures before the conclusion of the contract, including:
- Sending of offers.
- Coordination of terms of cooperation.
- Applying for questions relating to the contract (offer or order).
- Signing of contract.
- Storage of contract.
The legal basis for the processing of personal data in this situation is the article 6, paragraph 1, letter b RODO. The data will be processed from the moment of their collection until the implementation or termination of the above contracts.
4.3 Implementation of the concluded agreement (offer or order), including:
- Confirmation of acceptance of the application or order.
- Applying for questions regarding the implementation of the contract or order.
- Implementation of measures necessary for the implementation of the contract or order (for example, transportation, delivery).
4.4 provision of after-sales services, including:
- Support of complaint processes.
- Support of warranty processes.
4.5 provision of services through the website Wfirma.pl, including:
- User installation.
- Sending messages via the website.
- Control over user actions.
4.6 Maintenance of financial and accounting documentation.
The legal basis for the processing of personal data, in this case will be article 6, paragraph 1, letter C of RODO in connection with Art. 74 of the accounting bill. The data, obtained from the ledgers, must be kept for five years from the beginning of the next financial year which they affect.
4.7 Verification of counterparty and supporting sales.
4.8 monitoring of receivables and research or protection of claims in matters of cooperation.
4.9 Determination, investigation or protection against claims of the parties to the contract (e.g. in the case of claims arising from the guarantee, as well as the lack of settlement of debts arising from the contract binding the parties).
The legal basis for the processing of personal data, in this case will be article 6, paragraph 1, letter C of RODO. The data will be processed during the limitation period of claims arising from the contract between the parties.
4.10 Managing and internal reporting.
4.11 Marketing of own products.
4.12 Analysis and development of business and quality processes.
Personal data obtained from cookies will be processed up to the time of expiration or loss of suitability or withdrawal of consent, but no longer than 3 years.
5.What data are we talking about?
For each process and purpose, we collect different types of data, which may include:
- personal data that you provide to us by phone or the data which is transmitted by you to us through the contact form on our website (i.e. your name, email address and phone number);
- company or branch name;
- address and contact details (e.g. street, house number, postal code, e-mail address, telephone);
- other identification data (TIN, OKPO, activity registration number, passport or insurance certificate number) );
- Bank details (e.g. account number, Bank name);
- organizational data (e.g. position / function);
- basic data from contracts (for example, date of conclusion, contract number, subject of contract, duration, value, or price of the items, sales conditions);
- information about current shipments and deliveries;
- numbers, dates, value and content of invoices and other documents, financial and accounting.
6. Is it the provision of data voluntary?
Provision of personal data is voluntary, but the absence of data marked as necessary prevents contact with the User. The provision of personal data in order to reply to the contact and collection of cookies is voluntary.
7. What are cookies and why are they collected?
Cookies are information data, such as text files, stored on the device using which the User views the content of the website. This data contains information automatically collected during the user’s visit to the website, including IP address, browser data, URL of the page, previously visited by the user (referred link), transmission of information and error reports. Cookies are used to adapt web content to the user’s preferences, to maintain the session during the User’s visit to the website in order to create statistics and analyze User’s behavior, as well as as a supportive material used to administer the server.
Google tools such as Google Analytics, are used to track activity and create statistics. Google does not use the collected data to identify You and does not link this information to facilitate identification. See here the detailed information about the data collection rules and how this service is available: https://www.google.com/intl/pl/policies/privacy/partners
The user can change the settings for the access and storage of cookies by using the browser settings or the settings of the end device with which he / she views the content of the website.
8. How long will we process personal information?
The transferred personal data of the Users will be processed during the period of provision of the services, and in justified cases also after the end of their provision, particularly, in cases provided by the law settlements, statistical or legal claims. Users ‘ personal data collected in cookies, as well as for marketing purposes, are processed until the submission of a reasonable objection or withdrawal of consent to such processing.
9. Data recipients
Personal data is transferred to the organizations providing services in favor of the Administrator, including IT-services, postal, courier, hosting and marketing organizations, and occurs only in the amount and purposes determined by the Administrator, on the basis of the contract. The data may also be prepared for persons entitled to receive them in accordance with applicable legislation.
10. Data transfer outside the European Economic Area
In some cases, data may be transferred to recipients outside the European Economic Area, i.e. to Google LLC, based on appropriate legal guarantees, which are standard contractual terms, concerning personal data protection approved by the European Commission
11. The rights of persons whose data is processed
Users whose personal data is processed by the Administrator have such rights as:
- the right to withdraw consent to the processing of personal data at any time, without explanation;
- the right of access to personal data-the right to obtain certain information about the processing of personal data, as well as to obtain a copy of the data;
- the right to demand refutation of personal data-the right to demand correction or addition of outdated data;
- the right to request the deletion of personal data, the so – called ” right to be forgotten”, in a situation where the processing is not justified in the light of legislation;
- the right to require restrictions on the processing of personal data, the right to require restrictions on processing only for storage or other operations on data until the justified reasons occur;
- the right to object the processing, due to specific situation of the person related to the data, or if the data is processed for marketing purposes;
- the right to transfer personal data, the right to receive a record of data in suitable format, the range in which the data is processed in connection with the concluded agreement or expressed consent.
The user also has the right to lodge a complaint in connection with the processing of personal data for the Supervisory authority, i.e. the Head of Personal Data Protection Department.
12. How to contact us to take advantage of these rights or for more information concerning processing of personal data?
In matters related to processing of personal data, please email us: firstname.lastname@example.org