- GENERAL TERMS.
- The administrator of personal data collected via the Online Store is the company M2T SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ SPÓŁKA KOMANDYTOWA based in Złotniki (headquarters address and delivery address: Złotniki, Krzemowa street 1, 62-002 Suchy Las) entered in the Register of Entrepreneurs of the National court Register under KRS number 0000635313;registration court, in which the company's documentation is stored: District Court Nowe Miasto and Wilda in Poznań, VII Commercial Department of the National Court Register; NIP 9721241282, REGON 302263450, e-mail address firstname.lastname@example.org - hereinafter reffered to as the 'Administrator' and being at the same time the Online Store Service Provider and the Seller.
- Personal data in the Online Store are processed by te Administrator in accordance with applicable law,in particular in accordance with Regulation (EU) 2019/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals wit regard to the processing of personal data and in the free movement of such data and repealing Directive 95/46/EC General Data Protection Regulation) – hereinafter called „RODO” or „RODO Regulation”. Original official Rodo Regulation text can be found: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
- The Administrstor makes special care to protect the intrests of persons to whom the personal data processed by him relates, and in particular is responsible and ensures that the data collected by him are: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form that allows identification of the persons they concern, no longer than necessary to achieve the purpose of processing, and (5) processed in a way that ensured adequate security of personal data, includiing protection againt unauthorized or unlawful processing and accidental loss, destruction or damage by appropriate technical or organizational measures.
- Taking into account the nature, scope, context and purposes of processing, as well as the risk of violation of the rights or freedoms of natural persons of different probability and severity of threat, the Administrator implements appropriate technical and organizational measures to process it in accordance with this Regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The administrator uses technical measures to prevent acquisition and modification y unauthorized persons of personal data sent electronically.
- BASICS OF DATA PROCESSING
- The administrator is entilted to process personal data in cases where - and to the extent that - at least one of the folowing conditions is met:(1) the data subject has consented to the processing of his personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject before the conclusion of the contract; (3) processing is necessary to fulfill the legal obligation incumbent on the Administrator; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Administrator or by a third party, exceot for situations where the intrestes of fundamental rights and freedoms of the data subject, requiring personal data protection, prevail over these interests, in particular if the data subject is a child.
- PURPOSE, BASIC AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE
- Each tome the purpose, basis and the recipient of personal data processed by the Administrator result from actions taken by a given Client or Customer in the Online Store or by the Administrator. For example, if the Customer decides to make purchases in the Online Store and chooses personal pickup of the purchased Product instread of courier, his personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier performing the shipment at the request of the Adminstrator.
- The Administrstor may process personal data as part of the Online Store for the followinf purposes, on the basis and during the periods indicated in the following tables:
Purpose of data processing
Legal basis for data processing
Data storage period
Performance of the Sales Agreement or contract for the provison of Electronic Services or taking action at the request of the data subject before concluding the above-mentioned contracts
Article 6 1 lit. b) GDPR Regulations (performance of the contract) - processing is necessary to perform the contract to which the data subject is party or to take action at the request of the data subject before concluding the contract
The data is stored ofr the period necessary to perform, terminate or otherwise expire the concluded Sales Agreement or contract for the provision of Electronic Services.
Article 6 ust. 1 lit. f) GDPR Regulations (legitimate interest od the administrator ) - procsessing is necessary for purposes arising from the legitimate interests of the Administrator - consisting in taking care of the interests and good image of the Administrator, his Online Store and the desire to sell Products
The data is stored for the duration of the legitiimate interest pursued by the Adminstrator, but no longer than for the perios of limitation of the Administrator's claims against the data subject in respect of the Administrator's buisness activities. The limitation perios is specified by law, in particular the Civil Code (the basic limitation period for claims related to running a buisness is three years, and two years a Sales Agreement).
The adminstrator may not process data for direct marketing purposes if the data subject has secessfully objected to it.
Article 6 ust. 1 lit. a) GDPR Regulatins (consent) - the data subject has consented to the processing of his personal data for marketing purposes by the Adminstrator
Data is stored until the data subject withdraws his consent for further processing of his data for this purpose.
Article 6 par 1 lit. c) GDPR Regulations connection with from art. 74 section 2 of the Accounting Act, i.e. of January 30, 2018 (Journal of Law of 2018, item 395) - processing is necessary to fulfill the legal obligation of the Administrator
The data is stored for theperiod required by law requiring the Administrator to keep accounting books (5 years from the beginning of the year following the financial year to which the data pertain).
Determinig, investigating or defending claims that may be raised by the Administrator or which may be raised against the Administrator
Article 6 ust. 1 lit. f) RODO Regulations (legitimate interest of the administrator) - processing is necessary for purposes resulting from the legitimate interests of the Administrator - consisting in establishing, investigating or defending claims that maybe raised by the Administrator or which may be raised against the Administrator
The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than for the period of limitation of claims that may be raised against the Administrator (the basic limitation period for claims against the Administrator is six years).
Using the Online Store website and ensuring its proper operation
Article 6 ust. 1 lit. f) GDPR Regulations (legitimate interest of the administrator) - processing os necessary for purposes resulting from the legitimate interests of the Administrator - consisting in running and maintaining the Online Store website
The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than for the perios of limitation of the Administrator's claims against he data subject in respect of the Administrator's buisness activities. The limitation period is specified by law, in particular the Civil Code (the basic limitation period for claims related to running buisness is three years, and two years for a Sales Agreement).
Keeping statistics and analyzing traffic in the Online Store
Article 6 ust. 1 lit. f) GPDR Regulations (legitimate interest of administrator ) - processing is necessary for purposes resulting from the legitimate interests of the Administrator - consisiting of statistics and analysis of traffic in the Online Store in order to improve the functioning of the Online Store and increase the sale of Products
The data is stored for duration of the legitimate interest pursued by the Administrator, but no longer than for the period of limitation of the Administrator's claims against the data subject in respect of the Administrator's buisness activities. The limitation period is specified by law, in particular the Civil Code (the basic limitation period for claims related to running a buisness is three years, and two years for a Sales Agreement).
- DATA RECEPIENTS IN THE ONLINE STORE
- For the proper functioning of the Online Store including fot the implementation of Sales Agreements concluded, it is necessary for the Administrator to use the service of external entities (such as e.g. software supplier, courier or payment processing entity) The administrator uses only the services of such processing entities that provise sufficent guarantees for the implementation of appropriate technical and organizational measures, so that the processing meets the requirments of the GDPR Regulation and protects the rights of data subjects.
- Personal data of the Online Store Customers and Customers may be transferred to the following recipients or categories of reciients:
- Carriers / forwarders / couried brokers / entities operating the warehouse and / or shipping process – in the case of a Customers who uses the Online Store's method of delivery of a Product by post or couries, the Administrator provides the Customer's callected personal data to the selected carrier, forwarder or intermediary performing the shipment on behalf of the Administrtor, and if the shipment is from an external warehouse - the operator of the warehouse and / or the shipping process - to theextent necessary to complete the delivery of the Customer Product.
- Entities that are subcontractors to the Sales Agreement concluded with the Customer – in the case of a Customer who has entered into an Administrator with a Sales Agreement, the subject of which is the repair of a given product in whole or in part by a subcontractor (e.g. manufacturer's service), the Administrator provied the collected personal data of the Customer to the selected subcontractor performing the contract at the request of the Administrator ot the extent necessary to perform.
- Entities that support electronic payments or payment cards – in the case of a Customer eho uses the Online Store with the method of electronic payments card, the Administrator provides the collected personal data of the Customer to the selected entity servicing the above payments in the Online Store at the request of the Administrtor to the extent necessary to support payments made by the Customer .
- Providers of social plugins places on the Online Store's website, scripts and other similar tools enabling the browser of the person visiting the Online Store to download content from the suppliers of the said plugins (e.g. logging in with the login details of a social networking site) and providing the visitor's personal data to these providers for this purpose including:
- Facebook Ireland Ltd. – The administrator uses the Facebook social plugins on the Online Store website (e.g. the Like button, Share or ligin using Facebook login details) and therefore collects and shares the personal data of the Service Recipient using the Online Store website for Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland) to the extent and in accordance with the privacy principles available here: https://wwwfacebook.com/about/privacy (these data include information on activities on the Online Store website - including information about the device, websites visited, purchased, displayed ads and how to use the services - regardless of whether the Service User has a Facebook account and is logged in to Facebook).
- PROFILING IN THE ONLINE STORE
- The Administrator may use profiling for direct marketing purposes in tge Online Store, but the decisions made on its basis by the Administrator do not realte to the conclusion or refusal to conclude the Sales Agreement or the possiblity of using Electronic Services in the Online Store. The effect of using profilinf in the Online Store may be, for example, granting a given person a discount, sending them a rebate code, remindnig about unfinished purchases, sending a Product proposal that may correspond to the interests or preferences of a given person, or offering better conditions compared to the standsrd offer of the Online Store. Despite profiling, a given person makes a free decision whether they want to take advantage of the discount received in this way, or better conditions and make a purchase in the Online Store.
- Profiling in the Online Store is based on the automatic analysis or forecast of a given person's behavior on the Online Store website, e.g. by specific Product to the basket, browsing the page of a specific Product in the Online Store or by analyzing the previous history of purchases made in the Online Store. The condition for such profiling is that the Administrator has personal data od a given person in order to be able to subsequently send them e.g. a rebate code.
- The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects on thar person or similarly significantly affects him.
- THE RIGHTS OF THE PERSON WHO THE DATA CONCERNS
- The right to access, rectify, limit, delete or transfer – the data subject has the right to request the Administrator to access his personal data,rectify it, delete it ("right to be forgotten") or limit processing, and has the right to object to the procsessing, as well as the right to transfer his data. Detailed conditions for exercising the abovementioned rights are indicated in art. 15-21 of the GDPR Regulations.
- The right to withdraw consent at any time – a person whose data is processe by the Administrator on the basis of expressed consent (pursuant to art.6 par.1 lit.a) or art.9 item 2 lit. a) GDPR Regulation), it has the right to withdraw consent at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
- The right to lodge a complaint with a supervisory authority – the person whose data is processed by the Administrator has the right to lodge a complaint to the supervisory body in the manner specified in the provisions of the GDPR Regulations and Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland is the President of the Office for Personal Data Protection.
- Right to object – the data subject has the right to object at any time - for reasons realted to his particular situation - to the processing of personal data concerning him based on art. 6 clause 1 lit. e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the administrator may no longe process this personal data, unless he demonstrates the existance of vaild legitimate grounds for processing, superior to the intersts, rights and freedom of the data subjec, or grounds for establishung, investigating or defending claims.
- Right to object to direct marketing – if personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
- COOKIES IN THE ONLINE STORE AND ANALYTICS
- Cookies are smlal text information in the form of text files, sent by the server and saved on the side of the person visiting the Online Store website (e.g. on the hard disc of a computer, laptop or on the smartphone's memory card - depending on which device it uses visiting our Online Store). Detailed information on Cookies, as well as the histiry of their creation can be found, among others under the following link: https://pl.wikipedia.org/wiki/HTTP_cookie.
- Cookies that can be sent by the Online Store website can be divided into different types, accoring to the following criteria:
Reason being the supplier:
1) own (created by the Administator's Online Store website)
2) reasons being third parties / entities (other than the Administrator)
Due to their storage period on the device of the person visiting the Online Store website:
1) session (stored until logging out of the Online Store or turning off the web browser)
2) permanent (stored for a specified by the parameters of each file or until manually deleted)
Because of the purpose of their use:
1) necessary (enabling the proper functioning of the Online Store website),
2) functional / preferential (enabling adjustment of the Online Store webiste to the preferences of the visitor of the website),
3) analytical and performance (collecting information on how to use the Online Store website),
4) marketing, adevertising and social (collecting information about a person visiting the Online Store website in order to display that person personalizes adverstising and conductin other marketing activities, including on websites separate from the Online Store website, such as social networking sites
- The administrator may process the data contained in cookies when visitors use the Online Store website for the following specific purposes:
identification of Service Recepients as logged in to the Online Store and showing that they are logged in (necessary cookies)
remembering Products added to the basket to place an Order (Cookies necessary)
storing data from completed Order Forms, surveys or login datato the Online Store (necessary or / and functional / preferential cookies)
adapting the content of the Online Store website to the individual preferences of the Service Recpient (e.g. regarding colors, font size, page layout) and optimizing the use of Online Store pages (functional / preferential cookies)
keeping anonymus statistics showing how to use the Online Store website (statistical cookies)
remarketing, i.e. reserach on the characteristics of the behavior of visitors to the Online Store by anynymous analysis of their activities (e.g. repeated visits to specific websites, keywords, etc.) in order to create their profile and provide them with adverstisments tailored to their anticipated interests, also when they visit other websites in the Google Ireland Ltd. and Facebook Ireland Ltd. adverstising network (marketing advertsing and social cookies)
- Checking in the most popular web browsers which Cookies (including the period of operation of Cookies and their provider) are sent at a given moment by the Online Store website is possible in the following way:
In the Chrome browser:
(1) in the addrrss bar, click the padlock icon on the left, (2) Go to "Cookies”.
In Firefox browser:
(1) in the address bar click the shield icon on the left, (2) go to the "Allowed" or "Blocked” tab, (3) click the "Cross-site tracking cookies", "Social Tracking Elements” or "Content with tracking elements"
In Internet Explorer browser:
(1) click menu „Tools”, (2) go to the "Internet options”, (3) go to "General settings”, (4) click „Settings” tab, (5) click option „View files”
In Opera browser:
(1) in the address bar, click the padlock icon on the left, (2) click „Cookies”.
In Safari browser:
(1) click menu „Preferences”, (2) go to „Privacy” tab, (3) click on the "Manage site data” field.
Regardless of the browser, using tools available, e.g. under: https://www.cookiemetrix.com/ or : https://www.cookie-checker.com/
- The administrator may use the Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the Online Store. These services help the Administrator keep statistics and analyze traffic in the Online Store. The collected data is processed as part of a the above services to generate statistics helpful in administering the Online Store and analyzing traffic in the Online Store. These data are aggregate. The Administrator using the above services in the Online Store collects such data as sources and medium of acquiring visitors to the Online Store and how they are atored on the Online Store website, information on the devices and browers from which they visit the website, IP and domain, geographical data and demographic data (age, gender) and interests.
- It is possible for a person to easily block access to Google Analytics about their activity on the Online Stofe website - for this purpose, for example,you can install browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
- FINAL PROVISIONS