1. GENERAL PROVISIONS
1.2. The data controller for personal data collected through the Online Store is KS Biuro Marketingowe Sławomir Kotowski, with its registered office in Szczecinek at ul. Boh. Warszawy 31-35, room 211, 78-400 Szczecinek; NIP 6191028916, REGON 330882823 - hereinafter referred to as the "Administrator" and also the service provider of the Online Store and the Seller.
1.3. In connection with the conducted activity, the Administrator collects, stores, and processes personal data in accordance with applicable regulations, in particular with the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons about the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) and the principles of processing personal data provided for therein, as well as the Act on the Protection of Personal Data of 29 August 1997 (Journal of Laws of 1997, No. 133, item 883, as amended) (hereinafter referred to as the "Personal Data Protection Act") and the Act on the Provision of Electronic Services of 18 July 2002 (Journal of Laws of 2002, No. 144, item 1204, as amended).
2. DEFINITIONS AND TERMS
2.1. Personal data – any information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, online identifier, and information collected via Cookies and other similar technology.
2.3. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
2.4. Service Provider or Client – any natural person visiting the Website or using one or more services or functionalities described in the Policy.
2.5. Contact with the Data Administrator is possible electronically at the email address: firstname.lastname@example.org or by traditional means- in writing to the correspondence address: KS Biuro Marketingowe Sławomir Kotowski, ul. Boh. Warszawy 31-35 room 211, 78-400 Szczecinek.
2.7. All words, phrases, and acronyms appearing on this page and starting with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood according to their definition contained in the Terms and Conditions of the Online Store available on the Online Store's website.
3. PURPOSE AND SCOPE OF DATA COLLECTION AND DATA RECIPIENTS
3.1. The purpose, scope, and recipients of the data processed by the Administrator result from the actions taken by the Service Recipient or the Customer in the Online Store. For example, if the Customer chooses personal pickup instead of courier delivery, their personal data will be processed for the purpose of concluding and performing the Sales Agreement but will not be provided to the carrier carrying out shipments on behalf of the Administrator.
3.2. Possible purposes of collecting personal data of Service Recipients or Customers by the Administrator:
3.2.1. Conclusion and implementation of the Sales Agreement or the agreement for the provision of Electronic Services (e.g. creating a Customer Account).
3.2.2. Direct marketing of the Administrator's products or services.
3.2.3. In the case of a Customer who uses postal or courier delivery in the Online Store, the Administrator provides the collected personal data of the Customer to the chosen carrier or intermediary carrying out shipments on behalf of the Administrator.
3.3. The Administrator may process the following personal data of Service Recipients or Customers using the Online Store: name and surname; email address; contact telephone number; delivery address (street, house number, apartment number, postal code, city, country), residential address/business address/registered office (if different from the delivery address). In the case of Service Recipients or Customers who are not consumers, the Administrator may also process the name of the company and the tax identification number (NIP) of the Service Recipient or Customer.
3.4. Providing the personal data referred to in the above point may be necessary to conclude and perform the Sales Agreement or the agreement for the provision of Electronic Services in the Online Store. The scope of data required to conclude the agreement is indicated on the Online Store's website and in the Online Store's Terms and Conditions each time.
4. COOKIES AND OPERATING DATA
4.1. Cookies are small text information in the form of text files, sent by the server and stored on the side of the person visiting the online store (e.g. on the hard drive of a computer, laptop, or the memory card of a smartphone - depending on the device used by the online store visitor). Detailed information regarding cookies, as well as the history of their creation, can be found, for example, here: http://pl.wikipedia.org/wiki/Ciasteczko
4.2. The collected information pertains to the IP address, type of browser used, language, operating system, internet service provider, date and time information, location, as well as information transmitted to the website through the contact form.
4.3. The Administrator may process the data contained in cookies when the visitors use the online store for the following purposes:
4.3.1. Identifying customers as logged in to the online store and displaying that they are logged in.
4.3.2. Remembering products added to the cart to place an order.
4.3.3. Remembering data from completed order forms, surveys, or login data to the online store.
4.3.4. Adapting the content of the online store page to the individual preferences of the customer (e.g. regarding colors, font size, page layout) and optimizing the use of the online store pages.
4.3.5. Conducting anonymous statistics on the manner of using the online store.
4.3.6. Analyzing the behavior characteristics of visitors to the online store (repeated visits to pages, keywords, etc.) in order to create their profile and provide them with personalized promotions.
4.4. By default, most internet browsers available on the market accept the storage of cookies. Everyone has the option of determining the conditions of using cookies through the settings of their internet browser. This means that, for example, it is possible to partially limit (e.g. temporarily) or completely disable the ability to save cookies. In the latter case, however, it may affect some of the functionalities of the online store (for example, it may be impossible to go through the order path via the order form due to failure to remember the products in the cart during subsequent order placement steps).
4.6. Detailed information on changing settings related to cookies and their independent removal in the most popular internet browsers are available in the help section of the internet browser.
4.7. The Administrator also processes anonymous operational data related to the use of the online store (IP address, domain) to generate statistics helpful in administering the online store. This data is collective and anonymous, i.e. it does not contain features that identify people visiting the online store. This data is not disclosed to third parties.
5. BASIS FOR DATA PROCESSING
5.1. Providing personal data by the Service Recipient or Customer is voluntary, however, failure to provide personal data necessary to conclude and perform the Sales Agreement or Electronic Service Agreement as indicated on the Internet Store's website and in the Internet Store Regulations results in the inability to conclude such an agreement.
5.2. The basis for processing the personal data of the Service Recipient or Customer is the necessity to perform the agreement of which they are a party or to take action at their request before its conclusion. In the case of processing data for direct marketing of the Administrator's own products or services, the basis for such processing is (1) prior consent of the Service Recipient or Customer or (2) the fulfillment of legally justified purposes pursued by the Administrator (by Art. 23 sec. 4 of the Personal Data Protection Act, legally justified purposes include in particular direct marketing of the Administrator's products or services).
5.3. The Data Administrator reserves the right to process the personal data of the Service Recipient or Customer even after termination of the Agreement, cooperation, or withdrawal of consent only to the extent necessary to pursue any claims before a court or if national, European Union, or international laws oblige the Administrator to retain the data.
5.4. The Data Administrator has the right to provide personal data of the Service Recipient or Customer and other data to authorized entities on the basis of applicable law (e.g. law enforcement authorities).
5.5. The Data Administrator does not provide personal data to other entities than those authorized under applicable law or for the purpose of fulfilling the placed order (courier companies).
5.6. The Data Administrator has implemented access control measures aimed at minimizing the consequences of a possible breach of data security.
5.7. Personal data is processed only by persons authorized by the Data Administrator or processors with whom the Data Administrator closely cooperates.
6. RIGHTS OF PERSONS WHOSE DATA IS BEING PROCESSED
6.1. The Service Recipient or Customer has the right to lodge a complaint with the supervisory authority (PUODO - President of the Office for Personal Data Protection).
6.2. The Service Recipient or Customer, who is a person whose data is being processed, has the following rights:
6.2.1 the right to information on the processing of personal data, i.e. on the purposes and legal bases of data processing, the scope of data held, entities to whom data are disclosed, and the planned date of data erasure;
6.2.2 the right to obtain a copy of the data - the right to request the Administrator to provide a copy of the processed data concerning the person making the request;
6.2.3 the right to rectification - the right to request the Administrator to remove inconsistencies or inaccuracies in personal data and to supplement them in the event of their incompleteness;
6.2.4 the right to delete data - the right to request the Administrator to erase data that is no longer necessary for the purpose for which it was collected;
6.2.5 the right to restriction of processing - the right to request the Administrator to cease operations on personal data - except for operations for which the person has given consent and to store them according to the adopted retention rules or until the reasons for processing restriction ceases (e.g. a decision of the supervisory authority allowing further data processing is issued);
6.2.6 the right to transfer data - the right to request the Administrator to issue data provided by the person whose data is being processed in a format allowing them to be read by a computer;
6.2.7 the right to object to the processing of data for marketing purposes - the right to object to the processing of personal data for marketing purposes by the Data Administrator, without the need to justify such objection;
6.2.8 the right to withdraw consent - the right of the person whose data is being processed to withdraw consent to the processing of personal data at any time, which does not affect the lawfulness of the processing carried out before the consent was withdrawn.
6.3. If the Service Recipient or Customer has given consent to process data for direct marketing of its products or services by the Administrator, the consent may be withdrawn at any time.
6.4. If the Administrator intends to process or processes data of the Service Recipient or Customer for direct marketing of its products or services, the person whose data is being processed is also entitled to (1) submit a written, justified request to cease processing of its data due to its specific situation or (2) object to the processing of its data.
6.5. To exercise the rights referred to above, you can contact the Administrator by sending an appropriate message in writing to the address of the Administrator indicated at the beginning of this Policy.
7. FINAL PROVISIONS
7.1. The administrator uses technical and organizational measures to ensure the protection of personal data being processed appropriate to the threats and categories of data protected, and in particular protects data against unauthorized access, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction. To ensure the integrity and confidentiality of data, the Data Administrator has in particular implemented procedures that allow access to personal data only to authorized persons/entities to the extent only necessary due to the tasks performed by these persons/entities.
7.2. The Administrator provides the following technical measures to prevent unauthorized persons from accessing and modifying personal data transmitted electronically:
7.2.1. Securing the data set against unauthorized access.
7.2.2. Access to the account only after entering an individual login and password.
7.2.3. SSL certificate.
Document valid from January 31, 2023