- GENERAL INFORMATION
- THE PROCEDURE OF DATA PROCESSING
- THE PURPOSE, BASIS, THE PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE SHOP
- THE RECIPIENTS OF THE DATA IN THE ONLINE SHOP
- PROFILING IN AN ONLINE SHOP
- THE RIGHTS OF THE DATA SUBJECT
- COOKIES IN THE ONLINE SHOP, EXPLOITATION DATA AND ANALYSIS
- FINAL CONDITIONS
- The administrator of personal data collected through the Internet Shop is NAPI L.L.P. with its registered office in Michałowice-Wieś (registered office address: Sąsiedzka 3 / D11-D12, 05-806 Sokołów and delivery address: Palacowa str. 25, Boxzone 3, 05-816 Michalowice); entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000846790; registration court where the documentation of the company is stored: District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register; NIP: PL5342622747; REGON: 386335282, electronic mail address: firstname.lastname@example.org - hereinafter referred to as the "Administrator" and being at the same time the Service Provider of the Internet Shop and the Seller.
- Personal data in the Internet Shop are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (general regulation on data protection) - hereinafter referred to as "RODO" or "RODO Regulation". The official text of the RODO Regulation
- The Administrator shall take special care in order to protect the interests of persons to whom the personal data processed by him/her relate, and in particular shall be responsible and shall ensure that the data collected by him/her are kept: (1) processed in accordance with the law; (2) collected for designated, lawful purposes and not subject to further processing incompatible with those purposes; (3) substantially correct and adequate in relation to the purposes for which they are processed; (4) stored in a form enabling identification of the data subjects no longer than is necessary to achieve the purpose of processing; and (5) processed in a manner ensuring adequate security of personal data, including protection against unlawful or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures.
- Taking into account the nature, scope, context and purposes of the processing and the risk of any violation of the rights or freedoms of natural persons with varying degrees of probability and seriousness of threat, the controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with this Regulation and to demonstrate this. Those measures shall be reviewed and updated as necessary. The controller shall apply technical measures to prevent personal data transmitted electronically from being acquired and modified by unauthorised persons.
1. GENERAL INFORMATION
- The controller shall be entitled to process personal data in cases where - and to the extent to which - at least one of the following conditions is met: (1) the data subject has consented to the processing of his/her personal data for one or more specified purposes; (2) the processing is necessary for the performance of the contract to which the data subject is a party or for taking action at the request of the data subject prior to the conclusion of the contract; (3) the processing is necessary for the fulfilment of a legal obligation incumbent on the Administrator; or (4) processing is necessary for purposes based on legitimate interests pursued by the Administrator or by a third party, except where the interests or fundamental rights and freedoms of the data subject requiring protection of personal data prevail over these interests, in particular where the data subject is a child.
2. THE PROCEDURE OF DATA PROCESSING
- Each time the purpose, basis, period and scope of personal data processed by the Administrator results from the actions taken by a given Customer or Client in the Online Shop. For example, if the Customer decides to make a purchase in the Online Shop and chooses to personally collect the purchased Product instead of a courier service, his/her personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier carrying out shipments on behalf of the Administrator.
- The Administrator may process personal data in the Online Shop for the following purposes, on the following basis, in the following periods and to the following extent:
3. THE PURPOSE, BASIS, THE PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE SHOP
|Purpose of the data processing||Legal basis of the data processing and storage period||Scope of the data processing|
|Execution of a Sales Agreement or an agreement to provide an Electronic Service or taking action at the request of the data subject prior to the conclusion of the aforementioned agreements||Article 6(1)(b) of the RODO Regulation (execution of the agreement).
The data shall be stored for the period necessary to perform, terminate or otherwise terminate the contract.
|Maximum scope: name and surname; e-mail address; contact telephone number; delivery address (street, house number, apartment number, post code, town, country), address of residence/business activity/situation (if different from delivery address).
In the case of Customers or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Customer or Customer. The given scope is maximum - in the case of e.g. personal collection, it is not necessary to provide the delivery address.
|Direct marketing||Article 6(1)(f) of the RODO Regulation (legitimate interest of the controller) Data is stored for the period of existence of a legitimate interest pursued by the Administrator, but not longer than the statute of limitations of claims against the data subject due to the Administrator's business activity. The statute of limitations is specified by law, in particular the Civil Code (the basic statute of limitations for claims related to business activity is three years, and for sales contracts two years).
The Administrator may not process data for the purpose of direct marketing in the event of an effective objection in this respect by the data subject.
|Marketing||Article 6(1)(a) of the RODO Ordinance (consent)
Data shall be stored until the data subject withdraws his or her consent to the further processing of his or her data for this purpose.
|Name, e-mail address|
|Expression by the Customer of an opinion on the concluded Sales Agreement||Agreement Article 6(1)(a) of the RODO Regulation
Data shall be stored until the data subject withdraws his or her consent to the further processing of his or her data for this purpose.
|Keeping tax or accounting books||Article 6(1)(c) of the RODO Regulation in conjunction with Article 86 § 1 of the Tax Ordinance, i.e. of 17 January 2017. (Journal of Laws of 2017, item 201) or art. 74 section 2 of the Accounting Act, i.e. 30 January 2018. (Journal of Laws of 2018, item 395)
The data is stored for the period required by the law to require the Administrator to keep tax books (until the expiry of the statute of limitations on tax liability, unless otherwise provided by tax laws) or accounting books (5 years from the beginning of the year following the financial year to which the data refer).
|Name and surname; address of residence/business/situation (if different from the delivery address), company name and tax identification number (NIP) of the Company or Customer|
|Identification, recovery or defence of claims which may be raised against the Administrator or by the Administrator||Article 6(1)(f) of the RODO Regulation
The data shall be stored for the period of the existence of a legitimate interest pursued by the Administrator, but not longer than the period of the statute of limitations of claims against the data subject due to the Administrator's business activity. The statute of limitations is specified by law, in particular the Civil Code (the basic statute of limitations for claims related to conducting business activity is three years, and for sales contracts two years).
|Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, post code, city, country), address of residence/business activity/situation (if different from delivery address).
In the case of Customers or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Company or Customer.
- For the proper functioning of the Internet Shop, including the performance of concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as software providers, couriers or payment service providers). The Administrator uses only the services of such processing entities, which provide sufficient guarantees of implementation of appropriate technical and organizational measures so that the processing meets the requirements of the RODO Regulation and protects the rights of data subjects.
- Personal data of the recipients and customers of the Online Shop may be transferred to the following recipients or categories of recipients:
- carriers / forwarders / courier brokers - in the case of a Customer who uses the method of delivery of a Product in the Online Shop by mail or courier mail, the Administrator shall make the collected personal data of the Customer available to a selected carrier, forwarder or intermediary carrying out shipments on behalf of the Administrator to the extent necessary to carry out the delivery of the Product to the Customer.
- entities handling electronic payments or payment card - in the case of a Customer who uses the method of electronic payment or payment card in the Internet Shop, the Administrator shall make the collected personal data of the Customer available to a selected entity handling the above payments in the Internet Shop at the request of the Administrator to the extent necessary to handle the payment made by the Customer.
- creditors/leasers - in the case of a Customer who uses the payment method in the Online Shop in the installment or leasing system, the Administrator shall make the collected personal data of the Customer available to a selected creditor or lessor servicing the above payments in the Online Shop on the order of the Administrator to the extent necessary to service the payment made by the Customer.
- supplier of opinion polls system - in the case of a Customer who agreed to express an opinion on a concluded Sales Agreement, the Administrator shall make the collected personal data of the Customer available to a selected entity providing a system of opinion polls on concluded Sales Agreements in the Online Shop on behalf of the Administrator to the extent necessary to express the opinion of the Customer using the opinion polls system.
4. THE RECIPIENTS OF THE DATA IN THE ONLINE SHOP
- The Administrator may use profiling in the Internet Shop for the purposes of direct marketing, but the decisions made on its basis by the Administrator do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services in the Internet Shop. The effect of using profiling in the Internet Shop may result in, for example, granting a discount to a given person, sending them a discount code, reminding them of unfinished purchases, sending a proposal for a Product that may correspond to the interests or preferences of a given person or offering better conditions compared to the standard offer of the Internet Shop. Despite profiling, the person concerned is free to decide whether they want to take advantage of the discount or better terms and conditions and make a purchase in the Online Shop.
- Profiling in the Internet Shop consists in an automatic analysis or forecast of a given person's behaviour on the Internet Shop website, e.g. by adding a specific Product to a basket, browsing the website of a specific Product in the Internet Shop or by analysing the history of purchases made in the Internet Shop. The condition of such profiling is that the Administrator has personal data of a given person, in order to be able to send him/her a discount code.
- The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and has legal effect or a similar effect on the data subject.
5. PROFILING IN AN ONLINE SHOP
- Right of access, rectification, restriction, erasure or portability - the data subject has the right to request from the Controller access to his or her personal data, rectification, erasure ("right to be forgotten") or restriction of the processing and has the right to object to the processing and the right to port his or her data. Detailed conditions for exercising the aforementioned rights are specified in Articles 15-21 of the RODO.
- Right to withdraw consent at any time - a person whose data are processed by the Administrator on the basis of the consent given (pursuant to Article 6(1)(a) or Article 9(2)(a) of the RODO Regulation), is entitled to withdraw consent at any time without affecting the lawfulness of the processing performed on the basis of consent prior to its withdrawal.
- The right to lodge a complaint to the supervisory authority - a person whose data are processed by the Administrator has the right to lodge a complaint to the supervisory authority in the manner and manner specified in the provisions of the Ordinance of the Council of Ministers and the Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for the Protection of Personal Data.
- Right to object - the data subject has the right to object at any time - for reasons related to his/her particular situation - to the processing of his/her personal data based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. The controller shall in that case no longer be allowed to process such personal data unless he proves that there are compelling legitimate grounds for the processing, overriding interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims.
- Right to object to direct marketing - where personal data are processed for the purposes of direct marketing, the data subject shall have the right at any time to object to the processing of personal data relating to him for the purposes of direct marketing, including profiling, insofar as the processing is related to such direct marketing.
6. THE RIGHTS OF THE DATA SUBJECT
- HTTP Cookies are small text information in the form of text files, sent by a server and stored on the website of a person visiting the Internet Shop (e.g. on the hard drive of a computer, laptop or smartphone memory card - depending on which device a visitor to our Internet Shop uses). Detailed information about cookies, as well as the history of their creation can be found here: https://en.wikipedia.org/wiki/HTTP_cookie
- The Administrator may process the data contained in cookies when visitors use the website of the Internet Shop for the following purposes:
- to identify Service Recipients as logged in to the Online Shop and to show that they are logged in;
- remember the Products added to the basket in order to place an Order;
- remember data from completed Order Forms, surveys or log-in data to the Online Shop;
- adjust the content of the Online Store's website to the Customer's individual preferences (e.g. concerning colours, font size, page layout) and optimise the use of the Online Store's websites;
- maintain anonymous statistics presenting the use of the Online Store's website;
- Remarketing, i.e. research into the behavioural characteristics of visitors to the Online Store through an anonymous analysis of their activities (e.g. repeated visits to specific websites, keywords, etc.) in order to create a profile and provide them with advertisements tailored to their anticipated interests, including when they visit other websites within the advertising network of Google Inc. and Facebook Ireland Ltd;
- Detailed information on how to change and delete cookies in the most popular web browsers can be found in the help section of your web browser and on the following pages (click on the link):
Chrome browser help
Firefox browser help
Internet Explorer browser help
Opera browser help
Safari browser help
Microsoft Edge browser help
- Administrator may use Google Analytics, Universal Analytics provided by Google Inc. in the Webshop. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These services help Administrator analyze traffic in the Online Store. The collected data is processed within the framework of the above services in an anonymous way (so called exploitation data, which makes it impossible to identify a person) to generate statistics helpful in the administration of the Internet Shop. These data are aggregated and anonymous, i.e. they do not contain any identifying features (personal data) of persons visiting the website of the Internet Shop. Administrator using the above services in the Online Shop collects data such as sources and medium of obtaining Internet Shop visitors and the way they behave on the website of the Online Shop, information on devices and browsers from which they visit the site, IP and domain, geographical data and demographic data (age, gender) and interests.
- You may refuse the use of Google Analytics to provide information about your activities on the Online Store by selecting the appropriate browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl
- Administrator may use the Online Store's Facebook Ads service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator measure the effectiveness of advertisements and find out what action visitors to the online store are taking, as well as displaying tailored advertisements to those visitors. Details of how Facebook Ads works can be found at the following web address: https://www.facebook.com/business/ads
7. COOKIES IN THE ONLINE SHOP, EXPLOITATION DATA AND ANALYSIS