1. GENERAL PROVISIONS
1.2. The administrator of Customers’ personal data is Michał Cygal conducting business activity under EXCLUSIVVE BUTIK MICHAŁ CYGAL entered in the Central Register and Information on Economic Activity maintained by the minister responsible for Economic Affairs, with its headquarters at ul. Azaliowa 3 Bielawa, 55-093 Kiełczów, NIP 8961337495, REGON 365656953, e-mail address: email@example.com, telephone number: 537348151, 537848151 – hereinafter referred to as “the administrator” and being both the Online Store service provider and the Seller.
1.3. Personal data of the Service Recipients and Customers are processed in accordance with the Personal Data Protection Act of 29 August 1997. (Journal of Laws 1997 No. 133, item. 883 with amendments) (hereinafter: the act on the protection of personal data) and the act on the provision of services by electronic means of 18 July 2002. (Journal of Laws 2002 Nr 144, item. 1204 with amendments).
1.4. The Administrator shall take particular care to protect the interests of the interest of those who provided personal data and, in particular, ensure that the data collected are lawfully processed; collected for designated legitimate purposes and not subjected to further processing incompatible with those purposes; materially correct and adequate in relation to the purposes for which they are processed and stored in a form enabling the identification of the data subjects no longer than is necessary to achieve the purpose of the processing.
1.5. All words, phrases, and acronyms appearing on this web page and beginning with a capital letter (e.g. Seller, Online Store, Electronic Service, etc.) should be understood according to their definition contained in the Terms and Conditions of the Online Store available on the website of the Online Store.
2. Purpose and scope of data collection and data recipient
2.1. Each time the purpose, scope, and recipient of the data processed by the administrator resulting from the actions taken by the Service Recipient or Customer in the Online Store. For example, if a Customer chooses self pick-up over courier delivery during the placing of an order, his personal data will be processed for the purpose of concluding and executing the Sales Contract, but will no longer be made available to the carrier delivering shipments on the order of the Administrator.
2.2. Possible purposes of collecting personal data of Service Recipients or Customers by the Administrator:
1.1.1. conclusion and fulfillment of a Sales Contract or Electronic Service contract (e.g. Account).
1.1.2. direct marketing of the Administrator’s own products or services.
2.3. Possible recipients of personal data of Online Store Customers:
1.1.3. In the case of a Customer who chooses the delivery method by mail or courier in the Online Store, the Administrator shall make available the collected personal data of the Customer to the chosen carrier or intermediary executing the shipments on the order of the Administrator.
1.1.4. In the case of a Customer who uses an electronic payment method or a payment card in the Online Store, the Administrator makes the collected personal data of the Customer available to the selected entity handling the above payments in the Online Store.
2.4. The Administrator may process the following personal data of Service Recipients or Customers using the Online Store: name and surname; e-mail address; telephone number; delivery address (street, house number, premises number, postal code, city, country), residence/business/HQ address (if different from the delivery address). In the case of Service Recipients or Non-Consumer Customers, the Administrator may additionally process the name of the company and the tax identification number (NIP) of the recipient or Customer.
2.5. The provision of the personal data referred to in the above paragraph may be necessary for the conclusion and execution of a Sales Contract or Electronic Service Contract in the Online Store. Each time the scope of the data required to conclude the contract is indicated in advance on the website of the Online Store and in the Terms and Conditions of the Online Store.
3. Cookies and performance data
3.1. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website of the Online Store (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone – depending on which device the visitor uses our Online Store). Detailed information on cookie files as well as their history can be found here: https://en.wikipedia.org/wiki/HTTP_cookie
3.2. The Administrator may process data contained in Cookies when visitors use the website of the Online Store for the following purposes:
1.1.5. Identification of Customers as logged in in the Online Store and showing that they are logged in;
1.1.6. Saving products added to the basket to place an order;
1.1.7. Save the data from completed order forms, surveys or the Online Store login data;
1.1.8. Customizing the content of the Online Store page to the Customer’s individual preferences (e.g. regarding colors, font size, page layout) and optimizing the use of the Online Store pages;
1.1.9. Keeping anonymous statistics showing how the visitors use the Online Store website.
3.5. Detailed information on changing the Cookie settings and their self-deletion in the most popular web browsers are available in the help section of the web browser and on the following pages (just click on this link):
3.11. Microsoft Edge
3.12. The Administrator also processes anonymous operating data related to the use of the Online Store (IP address, domain) to generate statistics to help in the administration of the Online Store. This data is aggregated and anonymous, i.e. it does not include features identifying people who visit the website of the Online Store. This data shall not be disclosed to third parties.
4. The basis for data processing
4.1. The provision of personal data by the Service Recipient or Customer is voluntary, although the failure to provide the personal data necessary for the conclusion and implementation of the Sales Contract or the Electronic Service Contract indicated in the website and in the Online Store’s Terms and Conditions results in the inability to conclude the contract.
4.2. The processing of personal data of the Service Recipient or Customer is based on the need to execute the contract to which he or she is a party or take action at his or her request prior to its conclusion. In the case of data processing for the direct marketing of the Administrator’s own products or services, such processing shall be based on (1) the prior consent of the Service Recipient or Customer or (2) the fulfillment of the legitimate objectives pursued by the Administrator (in accordance with the article. 23 points 4 of The Personal Data Protection Act – direct marketing of the Administrator’s own products or services is considered to be a legitimate purpose.)
5. Right to control, access and correct the content of one’s data
5.1. The Service Recipient or Customer has the right to access and correct the content of his or her personal data.
5.2. Each person has the right to control the processing of the data relating to him or her contained in the Administrator’s data set and in particular the right to: request to supplement, update, rectify personal data, temporarily or permanently withhold the processing or deletion of said data if it is incomplete, outdated, untrue or collected in violation of the Act or are no longer necessary for the purpose for which they were collected.
5.3. In the event of the Service Recipient or Customer giving consent to the processing of data for the direct marketing of the Administrator’s own products or services, the consent may be revoked at any time.
5.4. If the Administrator intends to process or processes the data of the Service Recipient or Customer for the purpose of direct marketing of the Administrator’s own products or services, the person whose data is processed shall also be entitled to (1) submit a written, reasoned request to stop processing his or her data because of his or her particular situation or to (2) object to the processing of his data.
6. Final provisions
6.2. The Administrator shall take technical and organizational measures to ensure the protection of the personal data processed appropriate to the risks and categories of protected data, and in particular to ensure that the data is not accessed by unauthorized parties, collected by unauthorized persons, processed in breach of applicable laws and altered, lost, damaged or destroyed.
6.3. The Administrator shall make the following technical measures available to prevent unauthorized acquisition and modification of personal data transmitted by electronic means:
1.1.10. Secure the data set against unauthorized access.
1.1.11. Access to the account only after providing an individual login and password.