PRIVACY POLICY
www.suavastore.com
The administrator of your data is: Agata Matczak, running a business under the name Agata Matczak Services, at ul. Garbary 35/9 in Poznań (61-868), NIP 6731869773, REGON 381193067.
In connection with its business activity, the Administrator collects and processes personal data in accordance with applicable law, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in in connection with the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as the GDPR. The administrator ensures the security of the processed data, as well as their confidentiality and access to information about this processing for data subjects.
§1 INFORMATION ABOUT THE ADMINISTRATOR
1. This document sets out the rules for the processing and protection of personal data processed by the Administrator, including data provided by customers of the website www. suavastore.com (hereinafter referred to as: “Website”) and describes the principles of processing information about you by us, i.e. the so-called cookies .
2.You can contact the Administrator directly by writing to [email protected] or by calling + 48662777405 and at the address of our registered office.
§2 TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
Depending on the relationship between us and you, we process personal data for the following purposes and scope:
1.Potential customers, including newsletter subscribers, people to whom we direct our marketing content, users of our social networking sites:
– data (name, surname, contact addresses, telephone number) are processed in order to implement the Administrator’s legitimate interest pursuant to art. 6 sec. 1 lit. f of the GDPR, consisting primarily in the marketing of its products and services, brand promotion, running social networking sites. In the case of obtaining consents from you, the data will be processed on the basis of art. 6 sec. 1 lit. a GDPR, (in the form of telephone contact, sending an e-mail or text message, or sending our offer by traditional mail to the address provided by you). On the basis of our legitimate interest, we may also process your data in order to pursue possible claims, for statistical purposes, as well as for continuous improvement of the quality of our services. Providing your personal data is not a legal obligation, but it is necessary in order to respond to your inquiries, e.g. in the contact form.
2. Our clients and contact persons at clients: – data (usually name, surname, contact addresses, telephone number, details of the service and invoice data) are processed in order to perform the contract or take action before concluding the contract at the customer’s request, based on Article. 6 sec. 1 lit. b GDPR; in the case of customers and contact persons indicated by the customer, e.g. in the content of the contract – pursuant to art. 6 sec. 1 lit. f GDPR – due to our legitimate interest. Your data as our clients are also processed in order to fulfill our legal obligations, e.g. keeping settlements, accounting and financial reporting, etc. then we do it on the basis of art. 6 sec. 1 lit. c GDPR. Providing the above-mentioned data by you is necessary for the proper performance of the contract by us.
3. Conducting e-mail and traditional correspondence:
– the data provided by you (especially name, surname, contact address), if you send us e-mail correspondence or by traditional means, are processed only for the purpose of communication and settling the matter, which this correspondence is concerned. In this case, the legal basis for processing is the legitimate interest of the Administrator pursuant to art. 6 sec. 1 letter f of the GDPR, consisting in conducting correspondence addressed to him in connection with his business activity. Providing the above-mentioned data by you is necessary in order to respond to correspondence addressed to us.
4. Recruitment: – data provided by you as part of recruitment processes (to the extent specified in the law) will be processed by the Administrator in order to perform the obligations arising from the law, related to the employment process, including in particular the Labor Code – pursuant to art. 6 sec. 1 letter c GDPR. If you provide data not required by the provisions of labor law, as well as for the purposes of future recruitment processes , the legal basis for processing will be your consent (see Article 6(1)(a) of the GDPR). In order to determine or pursue any claims or defend against such claims – the legal basis for data processing is the legitimate interest of the Administrator, i.e. art. 6 sec. 1 letter f GDPR. Providing your data to the extent specified by law is necessary in order to conduct the recruitment process.
5.People visiting our website (www.suavastore.com):
– we would like to inform you that additional information may be collected when using the Website, in particular: the IP address assigned to the user’s computer or the external IP address of the Internet provider, domain name, type browser, access time, type of operating system; navigation data may also be collected from users of our website, including information about links and references that they decide to click or other activities undertaken on the Website. The legal basis for this type of activity is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), which consists in facilitating the use of services provided electronically and improving the functionality of these services.
6. Participants of competitions organized by us – data provided by you in connection with participation in competitions organized by us will be processed in order to fulfill our obligations as the organizer of the competition, including handling applications, informing about the results and selecting winners, as well as awarding and sending prizes competition, which is our legitimate interest (Article 6(1)(f) of the GDPR). The data will also be processed for the purposes of settlements, accounting and financial reporting and other obligations arising from the law (Article 6(1)(c) of the GDPR), as well as for the purposes indicated in the content of consents to the processing of personal data – if such consents are expressed (Article 6(1)(a) of the GDPR). Providing your data in the scope specified in the regulations of a given competition is necessary to participate in it.
7. Complainants – personal data provided by you will be processed in order to consider the complaint, pursuant to art. 6 sec. 1 lit. f of the GDPR, which is the legitimate interest of the administrator, but also necessary in order to fulfill the legal obligations imposed on the administrator, i.e. pursuant to art. 6 sec. 1 lit. c GDPR). Providing your data to the extent specified by law is necessary in order to carry out the complaint procedure.
§3 PROVISION OF PERSONAL DATA
The administrator may transfer your personal data only if it is necessary to achieve the purposes of processing: entities providing IT services to us, i.e. hosting service providers, software providers enabling the website, authorized employees and associates who will respond to your inquiries generated using the contact form. In addition, we may transfer your data to consulting, auditing and legal companies, postal and courier companies, banks, ZUS, Tax Office – as part of the legal obligations incumbent on the Administrator.
§4 RIGHT TO CONTROL, ACCESS TO OWN DATA AND CORRECT THEM
1.The data subject has the right to access their personal data and the right to rectify, delete (except when the Administrator is obliged to further process them), limit processing, the right to transfer data, the right to raise objections, the right to to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
2.Legal basis for the User’s request:
a) Access to data – art. 15 of the GDPR. b) Rectification of data – art. 16 GDPR.c) Deletion of data (the so-called right to be forgotten) – art. 17 of the GDPR.d) Restriction of processing – art. 18 GDPR.e) Transfer of data – art. 20 GDPR. f) Objection – art. 21 GDPRg) Withdrawal of consent – art. 7 sec. 3 GDPR.
3.In order to exercise the rights referred to in point 2, please send an appropriate e-mail to: [email protected]
4.If the User makes a claim resulting from the above rights, the Administrator fulfills the request or refuses to comply with it immediately, but not later than within a month after receiving it. However, if – due to the complicated nature of the request or the number of requests – the Administrator will not be able to meet the request within a month, it will meet them within the next two months informing the User in advance within one month of receiving the request – about the intended extension of the deadline and its reasons.
5.The data subject has the right to lodge a complaint with the President of the Personal Data Protection Office based in Warsaw, if he/she finds that the processing of personal data violates the provisions of the GDPR.
§5 “COOKIES” FILES
1. The Administrator’s website uses ” cookies “.
2.The installation of ” cookies ” is necessary for the proper provision of services on the website. The ” cookies ” files contain information necessary for the proper functioning of the website. However, this information also allows you to create statistics of website visits.
3.We use two types of ” cookies “: “session” and “permanent”.
a) ” Session cookies ” are temporary files that are stored on the User’s end device until logging out (leaving the website).
b) “Permanent” cookies are stored in the User’s end device for the time specified in the parameters of ” cookies ” or until they are deleted by the User.
4.The Administrator uses its own cookies to better understand how Users interact with the content of the website. The files collect information about the way the User uses the website, the type of website from which the User was redirected and the number of visits and time of the User’s visit to the website. This information does not record the User’s specific personal data, but is used to compile website usage statistics.
5.The administrator uses external cookies to collect general and anonymous static data via Google Analytics analytical tools (administrator of external cookies : Google Inc. based in the USA).
6.Cookie files may also be used by advertising networks, in particular by Google. For this purpose, they may keep information about the User’s navigation path or the time spent on a given page.
7.The user has the right to decide on the access of ” cookies ” to his computer by selecting them in advance in his browser window. Detailed information on the possibilities and ways of handling ” cookies ” are available in the software (web browser) settings. Information for selected, most popular browsers:
a) Chrome: https://support.google.com/chrome/answer/95647?hl=pl
b) Safari: https://support.apple.com/pl-pl/guide/ safari/sfri11471/mac , https://support.apple.com/pl-pl/HT201265
c) Microsoft Edge: https://support.microsoft.com/pl-pl/microsoft-edge/wy%C5%9Bwietlanie- i-deleting-history-browsing-in-microsoft-edge-00cf7943-a9e1-975a-a33d-ac10ce454ca4 d
) Internet Explorer: https://support.microsoft.com/pl-pl/topic/ how-to-remove-%C4%85%C4%87-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc
e) Firefox : https://support.mozilla.org/pl/kb / cookies
f) Opera: https://help.opera.com/pl/latest/web-preferences/#cookies .
Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited (hereinafter: Google). Google Analytics uses cookies (collects data on IP addresses, network location, date of visit, operating system, browser type). You have the right to prevent the storage of cookies by setting your browser software accordingly.
§6 TRANSFER OF DATA TO THIRD COUNTRIES
Your personal data, as a rule, will not be transferred outside the European Economic Area (hereinafter EEA). However, bearing in mind the services provided by the online store software provider, it cannot be ruled out that your data may end up outside the EEA. However, these will only be countries that ensure an adequate level of protection based on the decision of the European Commission, and in the case of countries that do not ensure an adequate level of protection, only if they provide appropriate safeguards, including, among others, based on standard contractual clauses adopted by the European Commission or binding corporate rules.
§7 PERIODS OF DATA PROCESSING
The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. The period of data processing specified may also result from the provisions, if they constitute the basis for processing. In the case of data processing based on the Administrator’s legitimate interest – the data is processed for a period enabling its implementation or until an effective objection to data processing is submitted. If the processing is based on consent, the data is processed until its withdrawal. If the basis for processing is necessary to conclude and perform the contract, the data will be processed until its termination. The period of data processing may be extended if the processing is necessary to establish, pursue or defend against any claims, and after this period, only if and to the extent required by law. After the expiration of the processing period, the data is irreversibly deleted or anonymized.
§8 AUTOMATED DATA PROCESSING
The administrator will not process your personal data in an automated manner in such a way that any decisions could be made as a result of such automated processing, other legal effects would be caused or it would otherwise significantly affect your rights and obligations.
§9 FINAL PROVISIONS
1.The administrator uses technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data protected, and in particular protects data against unauthorized access, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction .
2.The administrator provides appropriate technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.
3.In matters not covered by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly