- The administrator of personal data collected via the herbedesign.pl online store is Agnieszka Trawińska, who conducts business under the name HERBE Agnieszka Trawińska, entered into the Central Register and Information on Economic Activity of the Republic of Poland kept by the minister in charge of economy, place of business and address for deliveries: ul. Pszenna 34, 10-833 Olsztyn, NIP: 7391128988, REGON: 280376136, e-mail address: firstname.lastname@example.org, phone number: +48 509596500, hereinafter referred to as the "Administrator" and at the same time being the "Service Provider".
- Personal data collected by the Controller through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR.
TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
- PROCESSING PURPOSE AND LEGAL BASIS. The Administrator processes the personal data of the Service Users of the Store www.herbedesign.pl in the case of:
- 1.1. Account registration in the Store, in order to create an individual account and manage this Account, pursuant to art. 6 par. 1 (b) GDPR (performance of the contract for the provision of electronic services in accordance with the Store Regulations),
- 1.2. placing an order in the Store, in order to perform the sales contract, pursuant to art. 6 par. 1 (b) GDPR (performance of the sales contract),
- 1.3. subscribing to the Newsletter in order to send commercial information by electronic means. Personal data is processed after expressing a separate consent, pursuant to art. 6 par. 1 (a) of GDPR.
- 1.4. using the Contact Form to send a message to the Administrator, pursuant to art. 6 par. 1 (f) GDPR (legitimate interest of the entrepreneur).
TYPE OF PERSONAL DATA PROCESSED. The Service Recipient provides, in the case of:
- 2.1. Accounts: name and surname, login, address, e-mail address.
- 2.2. Orders: name and surname, address, tax identification number, e-mail address, telephone number.
- 2.3. Newsletter: name and surname, e-mail address.
- 2.4. Contact form: name, e-mail address.
PERIOD OF PERSONAL DATA ARCHIVING. The personal data of the Customers are stored by the Administrator:
- 3.1. where the basis for data processing is the performance of the contract, for as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period of claims. Unless a special provision states otherwise, the limitation period is six years, and for claims pertaining to periodical performances and claims related to conducting business activity – three years.
- 3.2. where the basis for data processing is consent, for as long as the consent is not revoked, and after revoking the consent for a period corresponding to the limitation period of claims which may be raised by the Controller and which may be raised against him. Unless a special provision states otherwise, the limitation period is six years, and for claims pertaining to periodical performances and claims related to conducting business activity – three years.
When using the Store, additional information may be collected, such as: the IP address assigned to the User's computer or the external IP address of the Internet provider, domain name, type of browser, access time, type of operating system.
After expressing a separate consent, pursuant to Art. 6 par. 1 (a) GDPR, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes - in connection with art. 10 par. 2 of the Act of 18 July 2002 on Providing Services by Electronic Means or art. 172 par. 1 of the Act of July 16, 2004 - Telecommunications Law, including those directed as a result of profiling, provided that the Service Recipient has consented.
Navigational data may also be collected from the Service Users, including information about the links they decide to click or other activities undertaken in the Store. The legal basis for this type of activity is the legitimate interest of the Administrator (Art. 6 par. 1 (f) of GDPR), consisting in facilitating the use of electronically rendered services and in improving the functionality of said services.
Provision of the personal data by the User is completely voluntary. The Administrator will use due care to protect the interests of people whose data is collected and, in particular, will ensure that the data he collects is:
- 8.1. processed in accordance with the provisions of law,
- 8.2. collected for specified and legitimate purposes and not processed further in a way incompatible with the intended purposes,
- 8.3. relevant and adequate to the purposes for which they are processed and stored in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which they are processed.
DISCLOSURE OF PERSONAL DATA
- The personal data of the Customers are provided to service providers used by the Administrator when running the Store, in particular to:
- 1.1. entities delivering Products,
- 1.2. payment system providers,
- 1.3. accounting office,
- 1.4. hosting providers,
- 1.5. software providers that enable business operations,
- 1.6. entities providing the mailing system,
- 1.7. the software provider needed to run the online shop.
THE RIGHT TO CONTROL, ACCESS AND CORRECT THE PERSONAL DATA
- The data subject has the right to access their personal data, as well as the right to rectify or erase them, restrict their processing, transfer the data, object, and withdraw their consent at any time without affecting the lawfulness of any processing performed on the basis of the consent prior to its withdrawal.
- Legal grounds for the Service Recipient's request:
- 2.1. Access to data - art. 15 of the GDPR.
- 2.2. Data rectification - art. 16 of GDPR.
- 2.3. Deletion of data (the right to be forgotten) - art. 17 of GDPR.
- 2.4. Restriction of processing - art. 18 of GDPR.
- 2.5. Data transfer - art. 20 of GDPR.
- 2.6. Objection - art. 21 of GDPR.
- 2.7. Withdrawal of consent - art. 7 par. 3 of GDPR.
In order to exercise the rights referred to in point 2, you can send an appropriate e-mail to the following address: email@example.com. Where the Service Recipient exercises an entitlement resulting from the above rights, the Administrator fulfills the request or refuses to comply with it immediately, but not later than within one month after receiving it. However, if – due to the complicated nature of the request or the number of requests – the Controller is unable to fulfil the request within a month, he will comply with it within the next two months, informing the Customer in advance, within one month of receiving the request, about the intended extension of the deadline and the reasons for it. If the data subject concludes that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.
- Installation of cookies is necessary for the Store's services to be provided in a proper way. The cookies contain information necessary for the proper functioning of the website, as well as provide the possibility of compiling general statistics of website visits.
- The website uses two types of "cookies": "session" and "permanent".
- "Session Cookies" are temporary files that are stored on the end device of the Service User until logging out (leaving the website).
- "Permanent Cookies" are stored on the end device of the Service User for the time specified in the parameters of "cookies", or until their removal by the User.
The Controller uses his own cookies to better understand the Customers' interactions with the content of the page. The files collect information on how the Customer uses the website, the type of website the Customer was redirected from and the number and length of the Customer's visits to the website. This information does not record specific personal data of the Customer, but is used to develop statistics on the use of the website. The Administrator uses external Cookies for collecting general and anonymous statistical data (administrator of external cookies: Google Inc. with offices in USA). Cookies may also be used by advertising networks, in particular the Google network, in order to display advertisements tailored to the manner in which the Customer uses the Store. For this purpose, information about the User's navigation path or time spent on a particular web page may be kept. The User has the right to decide on the access of "cookies" to their computer by means of browser settings. Detailed information about the possibilities and methods of cookie use is available in the software (web browser) settings.
- The Administrator uses technical and organizational measures to protect personal data, appropriate to the risks and category of data being protected, in particular to protect data against unauthorized disclosure, takeover by an unauthorized person, processing in violation of existing regulations, alteration, loss, damage or destruction.
- The Administrator provides the following technical measures to prevent the access and modification by third parties of personal data transmitted electronically.