This Privacy Policy is an integral part of the Regulations of the Online Store www.mattmrozowsky.com of May 10, 2020 (Regulations). Definitions of terms used in this Privacy Policy are included in the Regulations. The provisions of the Regulations shall apply accordingly.
1. PERSONAL DATA
- Personal data provided by the Customer are processed by the Seller (i.e. M&M Mateusz Mrozowski sp. z o. o. with its registered office in Nawojowa, Klonowa 21, entered into the Register of Entrepreneurs kept by the District Court for Kraków Śródmieście in Kraków, 12th Commercial Division of the National Register Sądowy under the KRS number: 0000994846, using the NIP number: 7343616046 and REGON: 523258802. ), which is the administrator of personal data. In accordance with the rules set out in the Regulation of the European Parliament and of the Council EU 2016/679 of April 27, 2016. (hereinafter “GDPR”). Contact with the Administrator of personal data may take place by e-mail [email protected] or by telephone 793 771 002.
- The scope of the processed personal data determines the scope of data supplemented by the Customer and then sent to the Seller using the appropriate form. The processing of the Customer’s personal data may concern his e-mail address, name and surname, telephone number, address of residence and computer IP address.
- Customers’ personal data will be processed for a period of 5 years, and then they will be deleted, unless further processing results from a different legal basis.
- Customers’ personal data will be processed for the purpose of: (a) implementing the law, (b) creating an Account, executing the Order, providing electronic services, considering complaints and other activities indicated in the Regulations, (c) promotional and commercial activities of the Seller.
- Providing personal data is voluntary, but the lack of consent to the processing of personal data marked as mandatory will prevent the Seller from performing services and implementing Sales Agreements.
- The legal basis for the processing of personal data in the case referred to in par. 3 lit. (a) there is a legal obligation of the Seller related to the performance of the contract to which the data subject is a party, including the obligation to act at the request of the data subject before concluding the contract; In the case referred to in paragraph. 3 lit. (b) the legal basis for the processing of personal data is the consent of the data subject who has consented to the processing of his personal data for one or more specific purposes, and in the case referred to in par. 3 lit. (c) processing is necessary to comply with a legal obligation to which the controller is subject
- Customers’ personal data may be entrusted for processing, only for the purpose of implementing Sales Agreements and contracts for the provision of electronic services by the Seller, to a hosting company, a company providing accounting services for the Seller and a courier company. The entity processing Customers’ personal data, based on the Entrustment Agreement, will process Customers’ personal data through another entity, only on the basis of the Seller’s prior consent, from the entry into force of the GDPR. Personal data collected by the Seller may also be made available to: relevant state authorities at their request on the basis of relevant legal provisions, or other persons and entities – in cases provided for by law.
- Disclosure of personal data to unauthorized entities according to this Policy may take place only with the prior consent of the Customer to whom the data pertains.
- Customers have the right to: delete personal data collected about them both from the Seller’s system and from the databases of entities cooperating with the Seller, limit data processing, transfer personal data collected by the Seller regarding Customers and to receive them in a structured form, lodge a complaint with supervisory authority in a situation where the customer considers that his data is processed unlawfully and to bring a legal protection measure before the court against the supervisory authority as the entity committing the infringement.
- If the Seller receives information about the Customer’s use of the service provided electronically in violation of the Regulations or applicable regulations (unauthorized use), the Seller may process the Customer’s personal data to the extent necessary to determine the Customer’s liability.
- The website may store http queries, therefore some information may be stored in the server log files, including the IP address of the computer from which the query came, name of the client’s station – identification carried out by the http protocol, if possible, system date and time registration in the Store and the arrival of the query, the number of bytes sent by the server, the URL address of the page previously visited by the Customer, if the Customer entered via a link, information about the Customer’s browser, information about errors that occurred during the http transaction. Logs may be collected as material for the proper administration of the Store. Only persons authorized to administer the IT system have access to the information. Log files can be analyzed in order to compile traffic statistics in the Store and errors.
- The transfer of Customers’ personal data to third countries will take place in accordance with the requirements introduced by the GDPR.
2. INFORMATION SECURITY
- The seller uses technical and organizational measures to ensure the protection of personal data being processed, as specified in art. 25.30, 32-34, 35-39 of the GDPR, ensuring increased protection and security of the processing of Customers’ personal data, appropriate to the threats and categories of data protected, and in particular, technically and organizationally secures data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of the Act and change, loss, damage or destruction, including SSL (Secure Socket Layer) certificates are used. The set of collected Customers’ personal data is stored on a secured server and the data is also protected by the Seller’s internal procedures in the field of personal data processing and information security policy.
- To log in to the Account, it is necessary to provide a login and password. To ensure an appropriate level of security, the Account access password exists in the Store only in encrypted form. In addition, registration and logging into the Account takes place in a secure https connection. Communication between the Customer’s device and the servers is encrypted using the SSL protocol.
- At the same time, the Seller indicates that the use of the Internet and services provided electronically may be associated with specific ICT risks, such as: the presence and operation of worms, spyware or malware, including computer viruses, as well as the possibility of being exposed to for cracking or phishing (password fishing), and others. In order to obtain detailed and professional information on maintaining security on the Internet, the Seller recommends obtaining them from entities specializing in this type of IT services.
3. COOKIES
- For the proper operation of the Store, the Seller uses cookie technology, based on the provisions of the Regulation on respect for private life and the protection of personal data in electronic communications (e-Privacy Regulation). Cookies are information packages saved on the Customer’s device via the Store, usually containing information in accordance with the purpose of the file, by means of which the Customer uses the Store – these are usually: website address, date of placement, expiry date, unique number and additional information in accordance with purpose of the file.
- The seller uses two types of cookies: session cookies, which are permanently deleted at the end of the customer’s browser session, and with the customer’s consent, expressed through the browser settings, persistent cookies that remain after the end of the browser session on the customer’s device until they are deleted.
- Based on cookies, both session and permanent, it is not possible to determine the identity of the Customer. The Cookies mechanism does not allow you to download any personal data.
- Store cookies are safe for the Customer’s device, in particular they do not allow viruses or other software to enter the device.
- Files generated directly by the Store cannot be read by other websites. External Cookies (i.e. Cookies placed by the Seller’s partners, with the prior consent of the Customer by selecting the appropriate browser settings) can be read by an external server.
- The customer may disable the saving of cookies on his device, in accordance with the browser manufacturer’s instructions. Failure to enable persistent cookies and External Cookies by the Customer may not cause unavailability of some or all of the Store’s functions.
- The Seller uses own cookies for the following purposes: authentication of the Customer in the Store and maintaining the Customer’s session; configuration of the Store and adjusting the content of the pages to the Customer’s preferences, such as: recognizing the Customer’s device, remembering the settings selected by the Customer; ensuring the security of data and the use of the Store; analyzes and audience research; providing advertising services.
- The Seller uses External Cookies, subject to sec. 15, for the following purposes: creating (anonymous) statistics that allow optimizing the usability of the Store, through analytical tools such as Google Analytics; using interactive functions via social networking sites: Facebook, Twitter, Google+, YouTube and Instagram.
- The customer can independently change the settings for Cookies at any time, specifying the conditions of their storage, through the settings of the web browser or through the configuration of the service. The customer may also independently delete the cookies stored on his device at any time, in accordance with the instructions of the browser manufacturer.
- Detailed information on the use of Cookies is available in the settings of the web browser used by the Customer.