Personal data collected by the Store Administrator are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal EU L 119, p. 1, hereinafter referred to as "RODO ").
The Store Administrator makes special efforts to protect the privacy and information provided to him, regarding the Store's Customers (hereinafter: "Customers", "Users"). The administrator selects and applies appropriate technical measures, including those of a programming and organizational nature, to ensure the protection of the processed data with due diligence, in particular, protects the data against unauthorized disclosure, disclosure, loss and destruction, unauthorized modification, as well as against their processing in violation of applicable law.
The addressees of the Services available on the website (in particular the possibility of placing an Order in the Store) are not persons under 16 years of age. The personal data administrator does not provide for the purposeful collection of data concerning persons under the age of 16.
Personal data is any information relating to an identified or identifiable living natural person. Individual pieces of information that, when combined, can lead to the identification of a person, also constitute personal data.
Personal data controller
The administrator of your personal data is:
AKKE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ UL. MOGILSKA 16 / 7, 31-516 KRAKÓW, Poland entered in the Register of Entrepreneurs kept by the District Court for Kraków - Śródmieście, 11th Commercial Division of the National Court Register under KRS number 0000899129, REGON 388884768, NIP: 6793082897.
For your personal data, you can contact the Personal Data Administrator using:
traditional mail: UL. MOGILSKA 16 / 7, 31-516 KRAKÓW, POLAND
telephone: +48 123002704
Purposes of personal data processing
Administ The personal data controller processes your personal data for the following purposes and scope:
- take action before concluding the contract at your request (e.g. setting up an account), i.e. data provided in the registration form in the Store, i.e. e-mail address and password, gender; if the account is registered via an external authentication service (e.g. Facebook, Apple), we collect your name and e-mail address, and if you register when purchasing goods, we collect your name and data provided for the purpose of order fulfillment, such as the address to shipping; in order to provide services that require setting up an account, such as: keeping order history, informing about the status of order fulfillment, publishing product reviews and inquiries, we process your data provided in the account and when purchasing goods;
- in order to provide services that do not require creating an account and purchasing goods, i.e. browsing the Store's websites, searching for goods, we process personal data regarding your activity in the Store, i.e. data on the goods you browse, data on the session of your device, operating system , browser, location, unique ID, IP address;
- in order to fulfill the contract for the sale of goods (e.g. delivery of ordered goods), we process personal data provided by you when purchasing goods, such as name and surname, e-mail address, address details, payment details, and if you make a purchase for through the Account, an additionally set password;
- in order to keep statistics on the use of individual functionalities available in the Store, to facilitate the use of the Store and to ensure the IT security of the Store, we process personal data regarding your activity in the Store and the amount of time spent on each of the subpages in the Store, your search history, location , IP address, device ID, data about your web browser and operating system;
- in order to determine, pursue and enforce claims and defend against claims in court proceedings and other enforcement authorities, we may process your personal data provided when placing an order for the Goods or setting up an account and other data necessary to prove the existence of a claim or which result from a legal requirement, court order or other legal procedure;
- in order to consider complaints, complaints and requests and to answer customer questions, we process personal data provided by you in the contact form, complaints, complaints and requests. In order to answer questions contained in a different form, we process some personal data provided by you in the account, as well as data regarding the order of goods and other services provided by us, which are the cause of the complaint, complaint or request. We also process data contained in documents attached to complaints, complaints and requests;
- for the purpose of marketing our and our customers' and partners' goods and services, including remarketing, we process personal data provided by you when creating an Account and updating it, as well as data regarding your activity in the Store. In the case of remarketing, we use data about your activity to reach you with our marketing messages outside the Store and we use the services of external suppliers for this purpose. These services consist in displaying our messages on websites other than the Store. Details on this subject can be found in the records regarding cookies;
- for the purpose of market and opinion research by us or our partners, i.e. information about the order, your data provided in the account or when purchasing goods, e-mail address. Data collected as part of market research and opinion polls are not used by us for advertising purposes. Detailed instructions are given in the information about the given survey or in the place where you enter your data.
Categories of personal data
The personal data administrator processes the following categories of personal data:
- contact details,
- data on activity in the Store,
- data regarding orders in the Store,
- data on claims, complaints and requests,
- marketing services data.
Voluntary provision of personal data
Providing the required personal data is voluntary, but the condition for the provision of services by the Administrator via the Store.
Data processing time
Personal data will be processed for the period necessary to perform orders, services, marketing activities and other services performed for the Customer. Personal data will be deleted in the following cases:
- when the data subject asks for their removal or withdraws their consent,
- when the data subject does not take action for more than 10 years (inactive contact),
- after becoming aware that the stored data is outdated or inaccurate.
Some data in the field of: e-mail address, name and surname may be stored for the next 3 years for evidence purposes, consideration of complaints, complaints and claims related to the services provided by the Store - these data will not be used for marketing purposes.
Data on orders for paid goods and services, competitions and loyalty programs will be stored for a period of 6 years from the date of delivery of the order or service.
Data on customers not logged in we store for a period of time corresponding to the life cycle of cookies saved on devices or until they are deleted on the customer's device by the customer.
Your personal data regarding preferences, behavior and selection of marketing content may be used as the basis for making automated decisions in order to determine the sales opportunities of the Store.
Recipients of personal data
We share your personal data with the following categories of recipients:
- entitled state authorities and institutions (e.g. police, prosecutor's office, courts) in the event of submitting a legally justified request and to the extent resulting from this request,
- service providers that we use when running the Store, e.g. in order to fulfill an order. Depending on contractual arrangements and circumstances, these entities act on our behalf or independently determine the purposes and methods of their processing anne. The list of suppliers is updated on an ongoing basis and is available at the Administrator's office for inspection.
Rights of the data subject
On pursuant to the GDPR, you have the right to:
- request access to your personal data;
- request rectification of your personal data;
- request to delete your personal data;
- requests to limit the processing of personal data;
- objection to the processing of personal data;
- requests to transfer personal data;
- withdrawal of consent to the processing of personal data.
The personal data administrator, without undue delay - within two weeks of receiving the request - provides information about the actions taken in connection with your request.
Right to access personal data (Article 15 of the GDPR)
You have the right to obtain information from the Administrator of personal data whether your personal data is being processed.
If the Administrator processes your personal data, you have the right to:
- access to personal data;
- obtaining information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of this data, the planned period of storing your data or the criteria for determining this period, about your rights under the GDPR and the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling, and about the safeguards applied in connection with the transfer of this data outside the European Union;
- obtain a copy of your personal information.
If you want to request access to your personal data, submit your request to firstname.lastname@example.org.
Right to rectification of personal data (Article 16 of the GDPR)
If your personal data are incorrect, you have the right to request the Administrator to immediately rectify your personal data.
You also have the right to request the Administrator to supplement your personal data.
If you want to request rectification of personal data or their supplement, submit your request to email@example.com.
If you have registered in the Store, you can correct and complete your personal data yourself after logging in to the Store.
Right to delete personal data - so-called “right to be forgotten” (Article 17 of the GDPR)
You have the right to request the Administrator of personal data to delete your personal data when:
- your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you withdrew a specific consent to the extent that personal data was processed based on your consent;
- Your personal data has been processed unlawfully;
- you have objected to the processing of your personal data for the purposes of direct marketing, including profiling, to the extent that the processing of personal data is related to direct marketing;
- you have objected to the processing of your personal data in connection with the processing necessary to perform a task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the personal data Administrator or a third party.
Despite submitting a request to delete personal data, the Personal Data Administrator may process your data further in order to establish, pursue or defend claims, about which you will be informed.
If you want to request the removal of your data personal data, submit your request to the address firstname.lastname@example.org.
The right to submit a request to limit the processing of personal data (Article 18 of the GDPR)
You have the right to request the restriction of the processing of your personal data when :
- you question the correctness of your personal data - the personal data administrator will limit the processing of your personal data for a time allowing you to check the correctness of this data;
- when the processing of your data is unlawful, and instead of deleting your personal data you request restriction of the processing of your personal data;
- your personal data are no longer needed for the purposes of processing, but they are needed to establish, pursue or defend your claims;
- when you have objected to the processing of your personal data - until it is determined whether the legitimate interests of the Personal Data Administrator override the grounds indicated in your objection.
If you want to request restricted and the processing of your personal data, submit your request to email@example.com.
Right to object to the processing of personal data (Article 21 of the GDPR)
You have the right to object to the processing at any time Your personal data, including profiling, in connection with:
- processing necessary to perform a task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the Personal Data Administrator or a third party;
- processing for direct marketing purposes.
If you want to object to the processing of your personal data, submit your request to firstname.lastname@example.org.
Right to request the transfer of personal data (Article 20 of the GDPR)
You have the right to receive your personal data in a structured, commonly used and machine-readable format and to send it to another personal data administrator.
You can also request that the personal data administrator send it to you directly your personal data to another administrator (if technically possible).
If you want to request the transfer of your personal data, submit your request to email@example.com.
Right to withdraw consent
You can withdraw your consent to the processing of your personal data at any time
Withdrawal of consent to the processing of personal data does not affect the lawfulness of processing based on your consent before its withdrawal.
If you want to withdraw consent to the processing of your personal data , submit your request to firstname.lastname@example.org or use the appropriate functionalities after logging in.
Complaint to the supervisory authority
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint to the supervisory authority, in particular in the Member State of his habitual residence, place of work or place of the alleged infringement.
In Poland, the supervisory authority within the meaning of the GDPR is the President of the Office for Personal Data Protection (PUODO).
Authentication using external services
When logging in to the Store using external authentication services ( e.g. Facebook, Apple, Google), the User, through the selected website, provides personal data needed to log in, which he previously provided to the administrator of a given website.
External social networking sites and other websites with an authentication function apply separate, own policy rules privacy, which requires separate approval. If the User has access to these services, he had to give such consent in advance.
Automatic activity detection system
Selected data, in particular the IP address and technical information about the device used, may be transferred to Google LLC based in Mountain View, USA to operate the reCAPTCHA mechanism to identify attempted automated activity.
When browsing the Store's websites, they are used cookies, hereinafter referred to as Cookies, i.e. small text information that is saved on your end device in connection with the use of the Store.
These files allow you to identify the software used by you and adapt the Store individually to your needs. Their use is aimed at the proper operation of the Store's websites.
Cookies usually contain the name of the domain they come from, the time of their storage on the device and the assigned value.
Security of cookies
The cookies we use are safe for your devices. In particular, it is not possible for viruses or other unwanted or malicious software to get to your devices through Cookies.
Types of Cookies
We use two types of Cookies:
- Session cookies: they are stored on your device and remain there until the end of the browser session. The saved information is then permanently deleted from your device's memory.
- Temporary cookies: they are stored on your device and remain there until they are deleted or expired. Ending the session of a given browser or turning off the device does not delete them from your device.
The cookie mechanism does not allow you to download any personal data or any confidential information from your device.
Purposes of using cookies
We also use third-party cookies to for the following purposes:
- adjusting the content of the website to the User's preferences and optimizing the use of websites;
creating viewing statistics;
- proper operation of the ordering procedure, including enabling logging into the User's account, ensuring the proper operation of e.g. basket and ordering mechanism;
- maintaining the website User's session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the website;
- providing Users with content tailored to their interests.
Cookies may be used by advertising networks (e.g. Google) to display advertisements tailored to your preferences. For this purpose, information about the way you move around the web or the time you use the website may be stored.
By using the web browser settings or using the service configuration, you can change the Cookie settings yourself at any time. , specifying the conditions for their storage and access by Cookies to your device. You can change these settings so as to block the automatic handling of Cookies in the settings of your web browser or to inform about them each time they are placed on your device. Detailed information about the possibilities and ways of handling Cookies are available in the settings of your web browser.
We use appropriate procedures, safeguards and systems to ensure the security of your personal data so as to minimize the risk of theft, loss, unauthorized access, modification or use of your data. However, no available security method is 100% unbreakable. Therefore, we cannot guarantee that our database is completely resistant to any attempts of external attacks and abuse.