- The owner of the Store and at the same time the data administrator is Maciej Jakimiec representing the company Jakimiec & Partners sp. z o. o. . . with headquarters in Rozgartach (87-134), ul. Sarnia 12B, entered in the National Court Register under the number 0000333229, NIP 8792601511, REGON 340614090, hereinafter referred to as J&P.
- Personal data collected by J&P via the Online Store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation), also known as the GDPR.
- J&P exercises special care to respect the privacy of customers visiting the Online Store.
§ 1 Type of data processed, purposes and legal basis
- J&P collects information on natural persons performing legal transactions not directly related to their business, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to whom the law grants legal capacity, conducting economic activity on their own behalf or professional, hereinafter jointly referred to as the Customers.
- Customers’ personal data is collected when customers place an order in the Online Store in order to perform a sales contract. Legal basis : Necessity to perform the sales contract (Article 6 (1) (b) of the GDPR).
- When placing an order in the Store, the Customer provides the following data:
- e-mail adress;
- address data;
- first name and last name.
- When using the Store’s Website, additional information may be downloaded, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
- Navigational data may also be collected from customers, including information about links and links in which they decide to click or other activities undertaken in our Online Store. Legal basis – legitimate interest (Article 6 (1) (f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
- In order to determine, investigate and enforce claims, some personal data provided by the Customer may be processed as part of using the functionality in the Online Store, such as: name, surname, data regarding the use of services, if the claims result from the manner in which the Customer uses the services , other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – legitimate interest (Article 6 (1) (f) of the GDPR), consisting in establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.
- J&P processes personal data including: name, surname, e-mail address, as well as answers to prepared questions as part of the satisfaction survey and forms used for satisfaction surveys. Participation in such actions is voluntary. If the customer does not agree to participate in them, he can inform J&P at any time to the address in accordance with §6, and then J&P will block the relevant data. Legal basis – legitimate interest (Article 6 (1) (f) of the GDPR), consisting in improving the functionality of services provided electronically and assessing satisfaction with the services we provide.
- The transfer of personal data to J&P is voluntary, in connection with the concluded sales contracts or the provision of services via the Store’s Website, with the reservation, however, that failure to provide the data specified in the forms in the Registration process prevents Registration and setting up a Customer Account, and in the case of submitting orders without registering the Customer Account will prevent the submission and implementation of the Customer’s order.
§ 2 Who is the data shared or entrusted to and how long is it stored?
- The Customer’s personal data is provided to service providers used by J&P when running the Online Store. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, either are subject to J&P’s instructions as to the purposes and methods of data processing (processors) or independently define the purposes and methods of their processing (administrators).
1.1 Processors. J&P uses suppliers who process personal data only on J&P’s instructions. They include, among others providers providing hosting services, accounting services, providing marketing systems, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns;
1.2 Administrators. J&P uses suppliers who do not act solely on the instructions and set the goals and methods of using Customers’ personal data themselves. They provide electronic payment and banking services.
- Location . Service providers are based mainly in Poland and other countries of the European Economic Area (EEA).
- Customers’ personal data is stored:
3.1 If the basis for the processing of personal data is consent, the Customer’s personal data are processed by J&P until the consent is revoked, and after the consent is revoked for a period of time corresponding to the period of limitation of claims that may be raised by J&P and which may be raised against him. . Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
3.2 If the basis for data processing is the performance of the contract, the Customer’s personal data is processed by J&P as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period for claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
3.3 If the Customer selects payment via the PayU system, his personal data is transferred to the extent necessary for the payment to be made to PayU SA with its registered office in Poznań (60-166 Poznań, ul. Grunwaldzka 186), entered into the register of entrepreneurs kept by the District Court Poznań – Nowe Miasto i Wilda in Poznań, VIII Commercial Division of the National Court Register under the number KRS 0000274399.
3.4 If the Customer selects payment via PayPal, his personal data is transferred to the extent necessary for the payment to PayPal (Europe) S.Ã rl et Cie, SCA, 22-24 Boulevard Royal L-2449, Luxembourg. Detailed information on data protection rules HERE
- The navigation data may be used to provide customers with better service, analyze statistical data and adapt the Online Store to customer preferences, as well as to administer the Online Store.
- In the event of a request, J&P provides personal data to authorized state authorities, in particular to organizational units of the prosecutor’s office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
§ 3 The cookie mechanism, IP address
- The Online Store uses small files called cookies. They are saved by J&P on the end device of the person visiting the Online Store, if the web browser allows it. A cookie file usually contains the name of the domain it comes from, its “expiry time” and an individual, randomly selected number identifying this file. The information collected using this type of files helps to adjust the products offered by J&P to the individual preferences and real needs of visitors to the Online Store. They also enable the development of general statistics of visits to the presented products in the Online Store.
- J&P uses two types of cookies:
2.1 Session cookies: after the browser session is ended or the computer is turned off, the stored information is deleted from the device memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from clients’ computers.
2.2 Persistent cookies: they are stored in the memory of the customer’s end device and remain there until they are deleted or expired. The persistent cookie mechanism does not allow the collection of any personal data or any confidential information from the clients’ computer.
- J&P uses its own cookies to correctly configure the Store, and in particular to remember the history of pages visited in the Store in order to recommend content.
- The cookie mechanism is safe for the computers of the Online Store Customers. In particular, it is not possible for viruses or other unwanted software or malicious software to enter the Customers’ computers in this way. However, in their browsers, customers have the option to limit or disable the access of cookies to computers. If you use this option, the use of the Online Store will be possible, except for functions that, by their nature, require cookies.
5.1 Internet browser Explorer ;
5.2 Microsoft Browser EDGE ;
5.3 Mozilla browser Firefox ;
5.4 browser Chrome ;
5.5 browser Safari ;
5.6 browser Opera .
- J&P may collect Clients’ IP addresses. An IP address is a number assigned to the computer of a visitor to the Online Store by an Internet Service Provider. The IP number allows access to the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes every time you connect to the Internet. The IP address is used by J&P when diagnosing technical problems with the server, creating statistical analyzes (e.g. determining from which regions we receive the most visits), as information useful in administering and improving the Online Store, as well as for security purposes and possible identification of server loads, unwanted automatic programs for viewing the content of the Online Store.
- The Online Store contains links and references to other websites. J&P is not responsible for the privacy practices applicable to them.
§ 4 Rights of data subjects
- The right to withdraw consent – legal basis: art. 7 sec. 3 GDPR.
- The customer has the right to withdraw any consent given by J&P.
- Withdrawal of consent takes effect from the moment the consent is withdrawn.
- Withdrawal of consent does not affect the processing carried out by J&P in accordance with the law before its withdrawal.
- Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of services or functionalities that, in accordance with the law, J&P may only provide with consent.
- The right to object to data processing – legal basis: art. 21 GDPR.
- The customer has the right to object at any time – for reasons related to his particular situation – to the processing of his personal data, including profiling, if J&P processes his data based on a legitimate interest, e.g. marketing of J&P products and services, keeping statistics of use individual functionalities of the Online Store and facilitating the use of the Online Store, as well as a satisfaction survey.
- Resignation in the form of an e-mail from receiving marketing messages regarding products or services will mean the Customer’s objection to the processing of his personal data, including profiling for these purposes.
- If the Customer’s objection turns out to be justified and J&P has no other legal basis to process personal data, the Customer’s personal data will be deleted, the processing of which has been objected by the Customer.
- Right to erasure (“right to be forgotten”) – legal basis: art. 17 GDPR.
- The customer has the right to request the deletion of all or some personal data.
- The customer has the right to request the deletion of personal data if:
- personal data are no longer necessary for the purposes for which they were collected or processed;
- withdrew specific consent to the extent to which personal data were processed based on his consent;
- he objected to the use of his data for marketing purposes;
- personal data are processed unlawfully;
- personal data must be removed in order to comply with the legal obligation provided for in the Union law or the law of the Member State to which J&P is subject;
- the personal data has been collected in relation to the offering of information society services.
- Despite the request to delete personal data, in connection with the objection or withdrawal of consent, J&P may retain certain personal data to the extent that processing is necessary to establish, assert or defend claims, as well as to fulfill a legal obligation requiring processing under the law Of the Union or the law of a member state to which J&P is subject. This applies in particular to personal data including: name, surname, e-mail address, which data are kept for the purpose of considering complaints and claims related to the use of J&P services, or additionally the address of residence / correspondence address, order number, which data are are kept for the purpose of considering complaints and claims related to concluded sales contracts or the provision of services.
- The right to limit data processing – legal basis: art. 18 GDPR.
- The customer has the right to demand that the processing of his personal data be restricted.
- Submitting a request, pending its consideration, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. J&P will also not send any messages, including marketing messages.
- The customer has the right to request the restriction of the use of personal data in the following cases:
- when he questions the correctness of his personal data – then J&P limits their use for the time needed to verify the correctness of the data, but no longer than for 7 days;
- when the data processing is unlawful, and instead of deleting the data, the Customer will request the restriction of their use
- when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the Customer to establish, assert or defend claims;
- when he objected to the use of his data – then the limitation takes place for the time needed to consider whether – due to the special situation – the protection of the interests, rights and freedoms of the client outweighs the interests that the Administrator performs when processing the client’s personal data.
- The right to access data – legal basis: art. 15 GDPR.
- The Customer has the right to obtain confirmation from the Administrator whether he processes personal data, and if so, the Customer has the right;
- get access to your personal data;
- obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of this data, the planned period of storage of the Customer’s data or the criteria for determining this period (when it is not possible to determine the planned period of data processing), about the rights of the Customer under the GDPR and about the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling, and about the security measures applied in connection with the transfer of this data outside the European Union;
- obtain a copy of your personal data.
- The Customer has the right to obtain confirmation from the Administrator whether he processes personal data, and if so, the Customer has the right;
- The right to rectify data – legal basis: art. 16 GDPR.
- Right to data portability – legal basis: art. 20 GDPR.
- The customer has the right to receive his personal data, which he provided to the Administrator, and then send them to another personal data administrator of his choice. The customer also has the right to request that personal data be sent by the Administrator directly to such an administrator, if technically possible. In this case, the Administrator will send the Customer’s personal data in the form of a csv file, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data administrator.
- In the event that the Customer exercises the right resulting from the above rights, J&P fulfills the request or refuses to comply with it immediately, but not later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – J&P will not be able to meet the request within one month, it will comply with it within the next two months, informing the Customer within one month of receiving the request – about the intended extension and its reasons.
- The customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the exercise of his rights.
- The customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding the violation of his rights to the protection of personal data or other rights granted under the GDPR.
§ 5 Security management – password
- J&P provides customers with a secure and encrypted connection when sending personal data and when logging in to the Customer Account on the Website. J&P uses an SSL certificate issued by one of the world’s leading companies in the field of security and encryption of data sent over the Internet.
- Date of the last modification: 01/12/2019