§1
GENERAL PROVISIONS
The privacy policy contains rules regarding the processing of personal data by the Store, including the basics, purposes and scope of processing personal data and the rights of data subjects, as well as information on the use of cookies and analytical tools.
2. The administrator of personal data collected through the Online Store is Lukgraph Łukasz Sznajder
with headquarters: Zamłynie 28A, 30-898 Kraków
NIP (tax identification number): 6792557453
REGON: 120750120
E-mail: lukgraph@lukgraph.pl - hereinafter referred to as the "Administrator"
3. Personal data in the Online Store are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) - hereinafter referred to as "GDPR".
4. Using the Online Store, including making purchases, is voluntary. Similarly, providing personal data by a customer using the Online Store is voluntary, except for:
· Entering into contracts in cases and to the extent indicated on the Online Store website and in the Online Store Regulations and this privacy policy, personal data necessary to conclude and perform the Sales Agreement or the contract for the provision of Electronic Services with the Administrator results in the inability to conclude this contract. Providing personal data is in this case a contractual requirement and if the data subject wants to conclude a given agreement with the Administrator, he is obliged to provide the required data. Each time the scope of data required to conclude a contract is indicated previously on the Online Store website
· Statutory obligations - providing personal data is a statutory requirement resulting from the generally applicable provisions of law imposing an obligation on the Administrator to process personal data (e.g. data processing for the purpose of keeping tax or accounting books) and failure to provide it will prevent the Administrator from performing these obligations.
5. The Administrator takes special care to protect the interests of persons to whom the personal data processed by him relates, and in particular is responsible and ensures that the data collected by him are:
· Processed in accordance with the law;
· Collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes;
· Factually correct and adequate in relation to the purposes for which they are processed;
· Stored in a form that allows identification of the persons to whom they relate, no longer than necessary to achieve the purpose of processing;
· Processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.
6. Taking into account the nature, scope, context and purposes of processing, as well as the risk of violation of the rights or freedoms of natural persons of various probability and severity of threat, the Administrator implements appropriate technical and organizational measures so that the processing takes place in accordance with the Regulation and to be able to demonstrate it. The administrator uses technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.
§2
BASICS OF DATA PROCESSING
The administrator is entitled to process personal data in cases where - and to the extent that - at least one of the following conditions is met:
· The data subject has consented to the processing of his personal data for one or more specific purposes;
· The processing is necessary for the performance of a contract to which the data subject is party or to take action at the request of the data subject before the conclusion of the contract;
· The processing is necessary to fulfill the legal obligation incumbent on the Administrator;
· Processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party, except for situations where the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, in particular prevail over these interests when the data subject is a child.
2. The processing of personal data by the Administrator requires each time at least one of the grounds indicated above. The specific grounds for processing Customers' personal data are indicated below
§3
PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING
Each time the purpose, basis, period and scope as well as the recipient of personal data processed by the Administrator results from actions taken by a given Customer in the Online Store. For example, if the Customer decides to make purchases in the Online Store and chooses personal pickup of the purchased Product instead of courier, his personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier performing the shipment at the request of the Administrator.
2. The Administrator may process personal data in the Online Store for the following purposes, on the following grounds, in periods and in the following scope:
Purpose of data processing |
Legal basis for processing / storage period |
The scope of processed data |
Purpose of data processing |
Article 6 1 lit. b) GDPR Regulations (performance of the contract) |
Range: first and last name; e-mail address; contact telephone number; delivery address (street, house number, apartment number, zip code, city, country), residence / business address / registered office (if different from the delivery address), IP address, customer ID. |
Bookkeeping |
Article 6 1 lit. c) GDPR Regulations in connection with from art. 74 section 2 of the Accounting Act, i.e. of 30 January 2018 (Journal of Laws of 2018, item 395) |
First name and last name; address of residence / business / registered office (if different from the delivery address), company name and customer tax identification number (NIP) |
Determining, investigating or defending claims that may be raised by the Administrator or which may be raised against the Administrator |
Article 6 1 lit. f) GDPR Regulations |
First name and last name; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / registered office (if different from the delivery address). |
Application handling |
Article 6 1 lit. a) GDPR Regulations (consent) |
First name, last name, email address, IP address |
Sending email messages as part of the newsletter service |
Article 6 1 lit. a) GDPR Regulations (consent) |
E-mail address.
|
Publication of product reviews on websites |
Article 6 1 lit. a) GDPR Regulations (consent) |
First name and last name; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / registered office (if different from the delivery address). |
§4
DATA RECIPIENTS
For the proper functioning of the Online Store, including for the implementation of Sales Agreements concluded, it is necessary for the Administrator to use the services of external entities. The administrator uses only the services of such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
2. Transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy - the Administrator provides data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it. For example, if the Customer uses personal pickup, his data will not be transferred to the carrier cooperating with the Administrator.
3. Personal data of Online Store Customers may be transferred to the following recipients or categories of recipients:
· Courier / courier brokers - in the case of a Customer who uses the Online Store's method of product delivery by post or courier, the Administrator provides the Customer's collected personal data to the selected carrier or agent performing the shipment at the Administrator's request to the extent necessary to complete the Product delivery to the Customer.
· Entities that support electronic payments or payment cards - in the case of a Customer who uses the Online Store with an electronic payment method or payment card, the Administrator provides the Customer's collected personal data to the selected entity servicing the above payments in the Online Store at the request of the Administrator to the extent necessary to support payments made by customer.
· Service providers that provide the Administrator with technical, IT and organizational solutions that enable the Administrator to conduct business activities, including the Online Store and Electronic Services provided through it (in particular the computer software provider to run the Online Store, the e-mail and hosting provider and software provider for managing the company and providing technical support to the Administrator) - the Administrator provides the collected personal data of the Customer to the selected supplier acting on his behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with this privacy policy.
Providers of accounting and legal services providing the Administrator with accounting and legal support (in particular an accounting office, law firm or debt collection company) - the Administrator provides the collected personal data of the Customer to the selected supplier acting on his behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with this privacy policy.
§5
PROFILING
- The Administrator may use profiling for marketing purposes in the Online Store, but the decisions taken on the basis of it by the Administrator do not relate to the conclusion or refusal to conclude the Sales Agreement or the possibility of using the services in the Online Store. The effect of using profiling in the Online Store may be e.g. granting a given person a discount, sending them a rebate code, reminding about unfinished purchases, sending a product proposal that may correspond to the interests or preferences of a given person or offering better conditions compared to the standard offer of the Online Store . Despite profiling, a given person makes a free decision whether they want to take advantage of the discount received in this way, or better conditions and make a purchase in the Online Store.
2. Profiling in the Online Store is based on the automatic analysis or forecast of a given person's behavior on the Online Store website, e.g. by adding a specific Product to the basket, browsing the page of a specific Product in the Online Store, or by analyzing the previous history of purchases made in the Online Store. The condition for such profiling is that the Administrator has personal data of a given person in order to be able to subsequently send them, e.g. a rebate code.
3. The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects on that person or similarly significantly affects him.
§6
THE RIGHTS OF THE PERSON WHO THE DATA CONCERNS
The right of access, rectification, limitation, deletion or transfer - the data subject has the right to request the Administrator to access his personal data, rectify it, delete it ("right to be forgotten") or limit processing and has the right to bring object to the processing, and also has the right to transfer their data. Detailed conditions for exercising the abovementioned rights are indicated in art. 15-21 of the GDPR Regulation.
2. The right to withdraw consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent has the right to withdraw consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
3. Right to lodge a complaint to the supervisory body - a person whose data is processed by the Administrator has the right to lodge a complaint to the supervisory body in the manner and manner specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland is the President of the Office for Personal Data Protection.
4. Right to object - the data subject has the right to object at any time - for reasons related to his particular situation - to the processing of personal data concerning him based on art. 6 clause 1 lit. e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. In this case, the administrator may no longer process this personal data, unless he demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
5. In order to exercise the rights referred to in this paragraph, you can contact the Administrator by sending an appropriate message in writing or by e-mail to the Administrator's address indicated in paragraph 1.
§7
COOKIES IN THE ONLINE STORE, OPERATING DATA AND ANALYTICS
Cookies (cookies) are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Online Store website (e.g. on the hard disk of a computer, laptop or on the smartphone's memory card - depending on which the device is used by visitors to our Online Store). Detailed information about Cookies as well as the history of their creation can be found, among others here: http://en.wikipedia.org/wiki/Ciasteczko.
2. The administrator may process the data contained in cookies when visitors use the Online Store website for the following purposes:
· Identify customers as logged in to the Online Store and show that they are logged in;
· Remembering Products added to the basket to place an Order;
· Remembering data from completed Order Forms, surveys or login data to the Online Store;
· Adjusting the content of the Online Store website to individual customer preferences (e.g. regarding colors, font size, page layout) and optimizing the use of Online Store websites;
· Keeping anonymous statistics showing how to use the Online Store website;
· Remarketing, i.e. research into the characteristics of the behavior of visitors to the Online Store by anonymous analysis of their activities (e.g. repeated visits to specific websites, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, also when they visit they other websites in the Google Inc. advertising network and Facebook Ireland Ltd .;
3. By default, most web browsers available on the market accept saving cookies by default. Everyone has the ability to specify the conditions for the use of cookies using their own web browser settings. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the option of saving Cookies - in the latter case, however, this may affect some of the functionalities of the Online Store (for example, it may be impossible to go through the Order path via the Order Form due for not remembering Products in the basket during the next steps of placing the Order).
4. The web browser settings in the scope of Cookies are important from the point of view of consent to the use of Cookies by our Online Store - in accordance with the regulations, such consent may also be expressed through the settings of the web browser. In the absence of such consent, you should change your web browser settings in the field of cookies.
5. Detailed information on changing the settings for Cookies and their self-removal in the most popular web browsers are available in the help section of the web browser.
6. The Administrator may use the Google Analytics and Universal Analytics services provided by Google Inc. in the Online Store. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA), from the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) and from the Heatmap service provided by HeatMap, Inc. These services help the Administrator analyze traffic in the Online Store. The collected data are processed as part of the above services in an anonymous manner (these are the so-called operational data that prevent identification of a person) to generate statistics helpful in administering the Online Store. These data are aggregate and anonymous, i.e. they do not contain identification features (personal data) of persons visiting the Online Store website. The administrator using the above services in the Online Store collects such data as sources and medium of obtaining visitors to the Online Store and how they are stored on the Online Store website, information on the devices and browsers from which they visit the website, IP and domain, geographical data and demographic data (age , gender) and interests.
7. It is possible for a person to easily block sharing of Google Analytics information about his activity on the Online Store website - for this purpose, you can install the browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=en