Privacy policy

PRIVACY POLICY OF THE ON-LINE STORE MAXIAMBER.COM

CONTENTS LIST:

1. GENERAL PROVISIONS
2. BASIS FOR DATA PROCESSING
3. OBJECTIVE, BASIS AND PERIOD OF PROCESSING OF DATA AT THE ON-LINE STORE
4. RECIPIENTS OF DATA AT THE ON-LINE STORE
5. PROFILING AT THE ON-LINE STORE
6. THE RIGHTS OF CONCERNED PERSONS
7. COOKIES AT THE ON-LINE STORE AND USAGE DATA
8. MISCELLANEOUS PROVISIONS

1. GENERAL PROVISIONS

1.1 The present privacy policy of the On-line Store is informative, meaning that it does not constitute a source of obligations for the consumer service providers or customers of the On-line Store. The privacy policy includes primarily rules concerning the processing of personal data by the Controller at the On-line Store, including the substantiation, purposes and scope of processing of personal data and the rights of persons concerned by the personal data, as well as information spanning the usage of cookies and analytical tools at the On-line Store.

1.2 The Controller of the personal data collected through the On-line Store is Monika Kwaśny, conducting business activity under the company name MARIGOLD Monika Kwaśny entered into the Polish Central Register and Information on Economic Activity (Pl. CEIDG) of the Republic of Poland kept by the minister appropriate for issues of the economy, the seat of execution of business is Korczaka 6/ 13, 81-473 Gdynia, Poland, NIP (tax identification) no. 5861517090, REGON (statistical) no. 362772073, e-mail address office@maxiamber.com – referred to in the text as the 'Controller', at the same time being the service provider and seller at the On-line Store.

1.3 The personal data at the On-line Store are processed by the Controller pursuant to the valid provisions of law, in particular according to the regulation of the European Parliament and of the Council (EU) no. 2016/ 679 of April 27th, 2016., on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), referred to the text as the GDPR. The official text of the GDPR can be found at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A32016R0679&from=PL.

1.4 The usage of the On-line Store, including making purchases, is voluntary. Similarly, the related provision of personal data by any service consumer utilising the On-line Store or any Customer is voluntary, with the reservation of two exceptions: (1) concluding contracts with the Controller – failure to provide personal data necessary for the purpose of conclusion and execution of a sales contract or any contract concerning the provision of electronic services with the Controller in cases and within the scope indicated on the website of the On-line Store and the On-line Store regulations and the present privacy policy will result in the inability to conclude such a contract. The provision of personal data is, in such a case, a contractual requirement, and should the concerned person be willing to conclude the said contract with the Controller, they are obligated to provide the required data. Each time, the scope of data necessary for the conclusion of the contract is indicated beforehand on the On-line Store website and in the regulations of the On-line Store; (2) statutory obligations of the Controller – the provision of personal data is a statutory requirement stemming from commonly valid provisions of the law imposing upon the Controller the obligation to process personal data (e. g. data processing for the purpose of fiscal record-keeping), and the failure to provide such data will prevent the Controller from executing such obligations.

1.5 The Controller works with due diligence to protect the interests of persons concerned by the data processed by them; they are in particular responsible for and ensures that the data collected by them is: (1) processed according to the law; (2) collected for specific, legal objectives and not subjected to further processing that is contrary to those provisions; (3) materially correct and suitable in terms of the objectives, for which they are processed; (4) stored in form permitting the identification of concerned persons not longer than this is necessary in order to achieve the objectives of processing, and (5) processed in a manner ensuring suitable security of personal data, including protection against unsuitable or unlawful processing and accidental loss, destruction or damage, by way of appropriate technical or organisational resources.


1.6 Taking into account the character, scope, context and objectives of processing and the risk of violation of the rights or liberties of natural persons characterised by different levels of probability and gravity of threats, the Controller implements suitable technical and organisational resources in order for the processing to take place in line with the present regulations, and in order to be able to prove this. These resources are, if needed, reviewed and updated. The Controller utilises technical resources preventing the collection and modification by unauthorised persons of personal data transferred electronically.

17. All words, expressions and acronyms found in the present privacy policy and beginning with a capital letter (e. g. Seller, On-line Store, Electronic services) should be construed in line with their definitions included in the On-line Store regulations available on the On-line Store website.

2. BASIS FOR DATA PROCESSING

2.1 The Controller is entitled to process the personal data in cases, when, and in the scope, in which – at least one of the following objectives is fulfilled: (1) the concerned person had consented to the processing of their personal data for one or for a higher number of specific purposes; (2) the processing is necessary in order to execute the contract, to which the concerned person is a party, or for the purpose of undertaking of activities upon the order of a concerned person before the conclusion of a contract; (3) the processing is necessary for the purpose of fulfilment of legal obligations of the Controller; or (4) the processing is necessary for purposes stemming from legally substantiated interests executed by the Controller or by a third party, save for situations, in which the superordinate character against these interests is held by interests or fundamental rights and liberties of the person concerned by the personal data requiring protection, in particular if the concerned person is a child.

2.2 The processing of personal data by the Controller requires in each case the emergence of at least one of the grounds indicated under p. 2.1 of the privacy policy. The specific substantiations for the processing of personal data of Service Consumers and Customers of the On-line Store by the Controller are indicated in the subsequent item of the privacy policy – with respect to the specific objective of processing of personal data by the Controller.

3. OBJECTIVE, BASIS AND PERIOD OF PROCESSING OF DATA AT THE ON-LINE STORE

3.1 In each case, the objective, basis and period as well as the recipients of personal data processed by the Controller stem from the activities undertaken by the specific Service Consumer or Customer of the On-line Store or the Controller.

3.2 The Controller may process personal data within the scope of the On-line Store for the following purposes, on the grounds and in the periods indicated accordingly as follows:

3.2.1 Execution of a Contract of Sale or a contract concerning the provision of an Electronic Service or undertaking of activities upon the request of a person concerned by the personal data, before the conclusion of the above described contracts [art. 6 section 1 letter b) of the GDPR (execution of a contract) – the processing is necessary for the execution of a contract, to which the person concerned by the personal data is a party, or for the undertaking of activities upon the request of a person concerned by the data before the conclusion of the contract] – the data is stored over the period necessary for the conclusion, termination or any other form of expiry of the concluded Contract of Sale or contract concerning the provision of an Electronic Service.

3.2.2 Direct marketing [art. 6 section 1 letter 1) of the GDPR (legally substantiated interest of the Controller) – the processing is necessary for purposes stemming from legally substantiated interests of the Controller – entailing the care for the interests and good image of the Controller, their On-line Store and the struggle towards the sale of Products] – the data is stored over the period of presence of the legally substantiated interest of the Controller, however, not longer than over the period of expiry of claims of the Controller with respect to the person concerned by the data on the basis of the business activity conducted by the Controller. The period of expiry of claims is determined by provisions of the law, in particular provisions of the Polish Civil Code (the fundamental period of expiry of claims related to the execution of business activity is three years, and for a contract of sale – two years); the Controller may not process data for the purpose of direct marketing in case the concerned person would effectively voice their concern in this regard.


3.2.3 Marketing [art. 6 section 1 letter a) of the GDPR (consent) – the person concerned by the personal data voiced their consent for the processing of their personal data for marketing purposes by the Controller] – the data is stored until the moment of withdrawal of consent to further processing of their data for this purpose by the person concerned by the personal data.

3.2.4 Keeping of fiscal documentation [art. 6 section 1 letter c) of the GDPR in relation to art. 86 par. 1 of the Polish Tax Code, meaning, the Polish act of January 17th, 2017 (Polish Journal of Laws of 2017, item no. 201) – the processing is necessary for the fulfilment of the legal obligation of the Controller) – the data is stored over the period binding by provisions of the law obligating the Controller to retain tax records (until the expiry of the statute of limitations of the tax obligations, unless the tax provisions would state otherwise).

3.2.5 Determination, raising or defence of claims that could be raised by the Controller or that could be raised against the Controller [Art. 6 section 1 letter f) of the GDPR (legally substantiated interest of the Controller) – the processing is necessary for purposes stemming from legally substantiated interest of the Controller – entailing the determination, raising or defence of claims that can be raised by the Controller or that could be raised against the Controller] – the data is stored over the period of existence of a legally substantiated interest of the Controller, however, not longer than over the period of expiry of the statute of limitations of the claims that could be raised by the Controller (the basic expiry period of claims against the Controller amounts to six years).

3.2.6 Usage of the On-line Store and assurance of its correct functioning [art. 6 section 1 letter f) of the GDPR (legally substantiated interest of the Controller) – the processing is necessary for purposes stemming from legally substantiated interests of the Controller – entailing the operation and maintenance of the On-line Store website] – the data is stored over the

3.2.7 Statistical record keeping and On-line Store traffic analysis [art. 6 section 1 letter f) of the GDPR (legally substantiated interest of the Controller) – the processing is necessary for purposes stemming from legally substantiated interests of the Controller – entailing the statistical record keeping and analysis of traffic at the On-line Store for the purpose of improvement of operation of the On-line Store and the improvement of Product sales] – the data is stored for the period of existence of the legally substantiated interest of the Controller, however, not past the expiry of the claims of the Controller with respect to the person, to whom the data applies, due to the business activity conducted by the Controller. The statute of limitations is determined by provisions of the law, in particular the Polish civil code (the fundamental statute of limitations for claims related to business activity is three years, and for sales contracts two years).

4. RECIPIENTS OF DATA AT THE ON-LINE STORE

4.1 For the purpose of correct operation of the On-line Store, including for the execution of the concluded Contracts of Sale, it is necessary for the Controller to make use of services provided by external entities (such as e. g. software providers, the Polish Post, and their respective foreign counterparts, or the payment processing service). The Controller uses exclusively the services of such processing entities, which provide sufficient guarantees of implementation of appropriate technical and organisational resources so that the processing would correspond to requirements of the GDPR and protect the rights of persons concerned by the data.

4.2 The transfer of the data by the Controller does not occur in every case and not to all recipients or recipient categories listed in the privacy policy – the Controller only transfers the data if this is necessary for the execution of the relevant objective of processing of personal data, and only in the extent necessary for its execution.

4.3 The personal data of Service Consumers and Customers of the On-line Store may be transferred to specific recipients or recipient categories:


4.3.1 In case of Customers who would utilise in the On-line Store of the Product delivery option of post, the Controller makes available the collected data of the Customer to a selected entity or delivery services providing deliveries by order of the Controller.

4.3.2 Entities handling electronic or card-based payments – in case of a Customer who at the On-line Store would make use of the electronic or card-based payment form, the Controller provides the collected Customer personal data to the selected entity handling the above described payment options at the On-line Store by order of the Controller, in the scope necessary to handle the payment effected by the Customer.

4.3.3 Service providers providing the Controller with technical, information technology and organisational solutions, permitting the Controller to conduct their business activity, including to operate the On-line Store and the Electronic Services provided through it (in particular suppliers of computer software for operating the On-line Store, e-mail and hosting providers as well as company operation software and Controller help suppliers) – the Controller provides the collected personal data of Customers to selected providers acting upon their order only in case or in the scope necessary to execute the relevant objective of data processing in line with the present privacy policy.

4.3.4 Suppliers of accounting, legal and advisory services providing to the Controller accounting, legal or advisory support (including in particular the accounting office or the legal offices) – the Controller provides the collected Customer personal data to the selected provider acting on the basis of their orders solely in cases and within the scope necessary to achieve the specific objective of data processing in line with the present privacy policy.

5. PROFILING AT THE ON-LINE STORE

5.1 The GDPR imposes on the Controller the obligation to inform about automated decision-making, including profiling, as described in art. 22 sections 1 and 4 of the GDPR, and – at least in these cases – to provide material information about the rules of making decisions, as well as the significance and foreseen consequences of such processing for the person, to whom the data applies. With this in mind, the Controller provides in this item of the privacy policy information concerning possible profiling.

5.2 The Controller may utilise profiling at the On-line Store for direct marketing purposes, however, decisions made on this basis by the Controller do not apply to the conclusion or denial of conclusion of Contracts of Sale or the possibility of making use of Electronic Services at the On-line Store. The effect of utilisation of profiling at the On-line Store may be e. g. assigning a rebate to a specific person, sending a rebate code to them, reminding them of purchases left uncompleted, sending Product suggestions that might correspond to the interests or preferences of that person or suggesting better conditions as compared to the standard On-line Store offer. Despite profiling, it is the concerned person who makes their free decision whether they would like to make use of the rebate or better conditions received because of this and make their purchase at the On-line Store.

5.3 Profiling at the On0line store entails the automatic analysis or estimation of behaviour of a specific person at the On-line Store website, e. g. through the addition of a specific Product to the basket, through the browsing of the page of a specific Product at the On-line Store or by way of an analysis of the history of their purchases at the On-line Store. A condition of such profiling is the Controller holding personal data of that person in order to send them e. g. a rebate code.

5.4 Any person, whom the data would concern, has the right to be exempt from decisions based solely on automatic processing, including profiling, and giving rise with respect to that person of legal effects or influencing them significantly in a similar manner.

6. THE RIGHTS OF CONCERNED PERSONS

6.1 Right to access, correct, limit, delete or transfer – the person concerned by the data has the right to demand of the Controller access to their personal data, to correct this data, have it removed ('Right to be forgotten') or to limit its processing, and has the right to object against the processing; they furthermore have the right to transfer their data. Detailed conditions of execution of the rights indicated above are provided in art. 15-21 of the GDPR.


6.2 Right to withdraw consent at any time – any person, whose data is processed by the Controller on the basis of their provided consent (on the basis of art. 6 section 1 letter 1) or art. 9 section 2 letter a) of the GDPR) has the right to withdraw their consent at any time without effect on the legality of processing that had taken place on the basis of this consent before its withdrawal.

6.3 Right to lodge a complaint with a supervisory body – any person, whose data is processed by the Controller, has the right to file a complaint with the supervisory body in the mode and according to the process set out in the provisions of the GDPR and Polish law, in particular the Polish act on the protection of personal data. The supervisory body in Poland is the President of the Polish Personal Data Protection Office.

6.4 Right to object – any person concerned by the data has the right to raise at any time a complaint – for reasons related to their particular situation – against the processing of personal data applicable to them on the basis of art. 6 section 1 letter e) of the GDP (public interest or public activities) or f) (legally substantiated interest of the Controller), including profiling on the basis of these provisions. The Controller in such a case may not process this personal data any more, unless they are able to prove the existence of a significant legally substantiated basis for the processing that would be superordinate with respect to the interests, rights and liberties of the person concerned by the data, or an basis for the determination, raising or defence of claims.

6.5 Right to object to direct advertising – if personal data is processed for the purposes of direct advertising, the person concerned by the data has the right to file at any time a claim against the processing of the personal data applicable to them for the purposes of such advertising, including profiling, in the scope, in which the processing is related to direct marketing.

6.6 For the purpose of execution of rights set out in the present item of the privacy policy, contact may be made with the Controller by way of sending a suitable message by electronic mail to the address of the Controller indicated at the beginning of the privacy policy or using the contact form available at the On-line Store website.

7. COOKIES AT THE ON-LINE STORE AND USAGE DATA

7.1 Cookie files are minor textual pieces of information as text files sent by the server and stored with the visitor of the On-line Store (e. g. on the hard drive of the computer, laptop, or on the memory card of a smart phone – depending on the end device utilised by the person visiting our On-line Store). Detailed information on cookie files and the history of their emergence may be found, among others, at https://en.wikipedia.org/wiki/HTTP_cookie.

7.2 The Controller may process data contained in the cookie files during the usage by visitors of the On-line Store for the following purposes:

7.2.1 Identification of Service Consumers as logged in with the On-line Store and showing that they are logged in;

7.2.2 Remembering Products added to the basket for the purpose of Order submission;

7.2.3 Remembering data from completed Order Forms or logging data to the On-line Store

7.2.4 Adaptation of the On-line Store website content to individual Service Consumer preferences (e. g. with respect to colours, font sizes, site layout) and optimisation of the usage of the On-line Store website);

7.2.5 Making anonymous statistics showcasing the mode of use of the On-line Store website.

7.3 As standard, the majority of web browsers available on the market accepts by default the storage of cookies. Everybody has the possibility to determine the conditions of usage of cookie files by way of adjusting the settings of their own internet browser. This means that one can e. g. partially (e. g. time-wise) limit or permanently disable to possibility of cookie storage – in the latter case, however, this could impact certain functionalities of the On-line Store (for instance, it might prove impossible to follow the Order submission path through the Order Form due to the Products not being remembered in the basket throughout the various Order submission stages).


7.4 The settings of one's Internet browser with respect to cookies are significant from the point of view of consent to the use of cookies by our On-line Store – according to provisions, such a consent may also be given by way of Internet browser settings. In case such consent is not to be voiced, the settings of the web browser with respect to cookies should be appropriately adjusted.

7.5 Detailed information on changing settings concerning cookies and their independent removal in the most popular internet browsers are available in the help sections of

- the Chrome browser
- the Firefox browser
- the Internet Explorer browser
- the opera browser
- the Safari browser
- the MS Edge browser

8. MISCELLANEOUS PROVISIONS

8.1 The On-line Store may contain links to other websites. The Controller urges [the users] to get acquainted with privacy policies set out there after links to other websites are followed. The present privacy policy only applies to the On-line Store of the Controller.

8.2 The Controller utilises technical and organisational resources to ensure protection of the processed personal data suitable to the threats and categories of data covered by the security, and in particular they protect data against their provision to unauthorised entities, their takeover by unauthorised entities, their processing in violation of existing provisions as well as their modification, loss, damage or destruction.

8.3 The Controller appropriately provides the following technical resources preventing the acquisition and modification by unauthorised persons of personal data transferred by electronic means: (1) they protect the data set against unauthorised access, (2) they only allow Account access following the provision of one's individual user name and password.

8.4 The Controller ensures to the Customers secure and encrypted connections during the transfer of personal data and during lgging onto the Customer Account with the Website. The Controller uses the SSL certificate issued by one of the world's leading companies in the field of security and encryption of data transferred on the Internet.

8.5 The Controller never sends any correspondence, including electronic correspondence, asking to provide one's login data, in particular the Customer account password.

8.6 The privacy policy may change, and the Controller will notify Customers of this with a seven day notice period.

8.7 Last modified on: 23.07.2019.

up
Shop is in view mode
View full version of the site
Sklep internetowy Shoper.pl