The protection of personal data is for us an extremely important aspect for the proper functioning of the company. We put extra attention to the respect of your privacy when processing personal data, we present this policy, which was developed to create and maintain a high level of security respecting the applicable legal regulations in this area. This document defines the rules for collecting and processing a personal data file, as well as the right of entities to manage data.
- GENERAL PROVISIONS
1.1. The administrator of personal data, here the entity responsible for the collection, processing and use of personal data is Dorota Berowska , e-mail address: firstname.lastname@example.org, contact number: +48 578 617 330).
1.2. The term “GDPR” means General Data protection Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC.
– processed in accordance with the law,
– collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes,
– correct and adequate in relation to the purposes in which they are processed,
– stored with the possibility of identifying people, no longer than it is necessary to achieve the purposes for which they were collected.
- PURPOSE AND SCOPE OF PERSONAL DATA COLLECTION
2.1. The purpose and scope of collecting personal data processed by the Administrator arise from the law or from the consent of the User. Each time they are specified in relation to the actions taken in the online store, or as part of other communication channels.
2.2. The main purpose of collecting the Customers’ personal data by the Administrator is the service and execution of orders resulting from the conclusion of a contract of sale or a contract for the provision of services along with any subsequent warranties. In addition, the direct marketing of the Administrator’s own products or services and the prevention of prohibited acts and fraud are equally important goals. For other purposes, your personal data may be processed on the basis of voluntarily expressed consents and applicable law.
2.3. The customer of the online store registers, giving his name, delivery address, contact phone number, e-mail address and, optionally, company details and tax identification number. The created account is protected by an individual password chosen by the Customer. After placing an order, the administrator of the online store panel manually enters the Customer’s data and details of his order to the order processing system.
2.4. In order to complete the customers’ order, we require correct identification data (name and address) and payment details. The telephone number and e-mail address are used to communicate with the customer, send the order and confirm its receipt. The e-mail address is also necessary to identify when the Customer logs into individual account. Please be advised that you can register your data in the case of telephone, e-mail or mail contact.
2.5. Providing Personal Data by the Customer is voluntary, but necessary to conclude and execute the Sales Agreement, as well as its settlement.
- WHO ARE THE DATA RECEIVER?
3.1. Users’ personal data is transferred to third parties only when it is allowed by law, including the objectives related to the contract and settlement, for marketing purposes or in the event of prior consent of the User. The data provided by this service provider may be used only for the purpose of carrying out its task.
3.2. Please be advised that your data will not be transferred outside the European Economic Area.
3.3. If the Customer who uses the online store with the method of delivery by post or courier, the Administrator provides the collected personal data of the Customer to the selected carrier or third party company performing the shipment at the request of the Administrator.
3.4. By using the electronic payment method or the card payment, the Administrator provides the collected personal data of the Customer to a selected entity servicing the above payments in the Online Shop.
3.5. The personal data administrator supervises which data and to what extent, and to whom they have been made available.
5.1. For sending the newsletter, we process the e-mail address provided by the User. In order to use it, we require confirmation of the User consisting in expressing his consent to receiving the newsletter as the owner of the email address, i.e. for the processing of personal data for marketing purposes in accordance with the Act of August 29, 1997 (Journal of Laws 2002) No. 101, item 926, as amended) on the protection of personal data and on receiving commercial information by means of electronic communication in accordance with the Act of 18.07.2002 (Journal of Laws No. 144, item 1204 with subsequent amendments) on the provision of electronic services.
5.2. The user can unsubscribe from the newsletter at any time. If you want to cancel your consent, please send a request under the title: “I unsubscribe from the newsletter” to the email address: .com.
- COOKIES (COOKIES)
6.2. The information collected relates to the IP address, type of browser used, language, type of operating system, Internet service provider, time and date information, location and information sent to the website via the contact form.
6.3. The collected data is used to monitor and check how users use our sites to improve the functioning of the website, providing more efficient and problem-free navigation.
6.5. Our website uses the following cookies:
- a) “necessary” cookies, enabling the use of services available as part of the website, e.g. authentication cookies used for services that require authentication within the website;
- b) cookies used to ensure security, e.g. used to detect fraud in the field of authentication within the website;
- c) “performance” cookies, enabling the collection of information on the use of website pages;
- d) “functional” cookies, allowing “remembering” the settings selected by the user and personalizing the user interface in terms of the language or region of the user’s origin, size of the font, appearance of the website, etc.
6.6. The user may at any time disable or restore the option of collecting cookies by changing the settings in the web browser. Instructions for managing cookies are available at: http://www.allaboutcookies.org/manage-cookies.
6.7. Additional personal data, such as an e-mail address, are collected only in places where the user expressly consented to this by completing the form. The above data is retained and used only for the needs necessary to perform a given function.
- HOW LONG DO WE STORE DATA?
7.1. The personal data obtained in relation to the mailbox, individual accounts of the Store’s Users and the newsletter are kept for no longer than it is necessary to achieve the purposes of processing or until the consent is withdrawn. The obligation to collect data may also be determined by applicable legal regulations, e.g. the need to store accounting documents, and the period of their storage is compliant with the currently binding regulations. We remind you that the User has the right to manage his data (more on this subject in the next chapter).
- DATA MANAGEMENT
8.1. Each person has the right to control their personal data, which they can implement, among others by requesting information regarding the processing of your data. Each person has also the right to request their updating, correction and deletion, as well as the right to raise objections in the cases specified in the Act on the Protection of Personal Data.
8.2. Cancellation of the account
If you want to delete your account, please send a request under the title: “I cancel my account” to the email address: .com. The information should be sent from the email address that is assigned to the account at woodencraftdesign.com. Cancelling your account is not equivalent to deleting your personal data.
8.3. Removal of personal data
To delete your personal data, please send a message under the title “I request the deletion of personal data” to the email address: .com. The user should use the email address used to create the account or to fulfill the order. A request to delete personal data is equivalent to resignation from the account.
At the same time, we would like to point out that according to art. 23 of the Act on the Protection of Personal Data, in some cases, despite the request, the administrator cannot delete part of personal data.
8.4. Correcting personal data
Based on Article. 32 para. 6 of the Act on the Protection of Personal Data, each person may request supplementing, updating, rectifying personal data, temporary or permanent suspension of their processing or their removal, if they are incomplete, out-of-date, untrue or have been collected in violation of the Act or are no longer required the purpose for which they were collected. This law can be implemented by editing the data in the “My Account” section. We also require you to submit this information to our email address below in order to correct the data in the order processing system. In the case of placing an order via a mailbox, the data can be updated by sending a message under the heading: “Correction of personal data” to the email address: .com.
8.5. The right to object
Every person whose data is processed has the right to control them (Article 32 paragraph 1 of the Act). It expresses the possibility of opposing their use for marketing purposes or transferring to another data administrator.
The right of objection may be expressed when the administrator justifies the processing of data by meeting the conditions referred to in art. 23 sec. 1 point 4 and 5 of the Act, i.e. when:
- data processing is necessary to carry out tasks defined for the public good,
- is necessary to fulfill its legally justified goals,
- third parties to whom it provides data.
This right is not applicable if, for example, the basis for data processing is consent, special law or they are processed in connection with the execution of the contract concluded with the administrator.
In the situation when the User raises an objection, further processing of the data in question is unacceptable. However, the administrator may leave the name of the person and the address only in order to avoid re-use of that person’s data, for the purposes covered by the objection (Article 32 (3) of the Act).
8.6. The user is also entitled to submit a complaint to the competent supervisory authority if he / she considers that his / her personal data have been processed in violation of applicable data protection regulations.
9.1. The administrator uses all technical and organizational methods to ensure the security of personal data and protects them against accidental or intentional destruction, accidental loss, modification or unauthorized disclosure or access. The information is stored and processed on servers with a high degree of security, with appropriate security measures that meet legal requirements.
9.2. The Administrator provides the following technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorized persons:
– any certificates?
– access to the Account only after providing an individual login and password.
- FINAL PROVISIONS.
10.3. In case of any doubts or contradictions between the Policy and the consents given by the Customer, regardless of the provisions of this Policy, the basis for taking and determining the scope of activities is always the consent or provisions of the law provided by the Customer on a voluntary basis. However, this policy is for information purposes only.