The administrator of your personal data within the meaning of the provisions on the protection of personal data is Sylwia Clayton, registered as a business in Tychy (43-100), at Sienkiewicza 7, Poland, NIP 6381652888
The purposes, legal bases and period of personal data processing are indicated separately for each purpose of data processing (see the description of individual purposes of personal data processing below).
The GDPR grants you the following potential rights related to the processing of your personal data:
1.right to access personal data,
2.right to rectify personal data,
3.right to delete personal data,
4.right to limit the processing of personal data,
5.right to object to the processing of personal data,
6.right to transfer data,
7.right to lodge a complaint with a supervisory authority,
8.the right to withdraw consent to the processing of personal data, if you have given such consent.
The rules related to the implementation of the indicated rights are described in detail in Art. 16 – 21 GDPR.
You can also always ask us to provide you with information about what data we have about you and for what purposes we process it. Just send a message to firstname.lastname@example.org
Personal data is collected with due diligence and properly protected against access by unauthorized persons.
List of entrustments.
We entrust the processing of personal data to the following entities:
1) Mailerlite, Ireland – newsletter service for sending e-mails (based on your consent).
2) Dreamhost, USA – hosting provider, where this website is hosted
And if you make a purchase in our shop, also:
1) Maria Tomala & Sławomir Bartz, Poland – accounting office, to which we entrust data processing for the purpose of making tax settlements on the basis of a data entrustment agreement.
2) iFirma, Poland – invoicing system in order to issue invoices and bills
3) Shoper, Poland – a SaaS platform where our shop is hosted
All entities entrusted with the processing of personal data guarantee the application of appropriate measures for the protection and security of personal data required by law.
Transferring personal data to third countries.
We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of personal data protection through appropriate compliance mechanisms provided for by the GDPR, in particular by joining the Privacy Shield program or using standard contractual clauses.
Personal data is stored on servers located in third countries using the following tools:
• Google services as part of the G-Suite package, the provider of which is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – in the scope of all data that is processed as part of Google services, including data contained in in files synchronized with Google Drive.
Google Ireland Limited ensures an adequate level of personal data protection by using the compliance mechanisms provided for by the GDPR, in particular by joining the Privacy Shield program. Below are links to confirmations of participation in the Privacy Shield program, where you can read information on the processing of personal data by these entities.
• Google: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI,
Processing purposes and activities
User’s account. When creating a user account, you must provide your e-mail address and define a password for the account. Providing data is voluntary, but necessary to create an account.
The data entered by you as part of the user account is processed solely for the purpose of maintaining the account and providing you with the possibility of using it. Providing data in the user account is to make it easier for you to place orders in the store by automatically substituting data in the order form.
The legal basis for the processing of your personal data as part of the user account is the implementation of the account agreement, which you conclude on the basis of the store regulations – art. 6 sec. 1 lit. b GDPR.
The data collected in the user’s account is processed as part of the Shoper platform and stored on their server.
Your data will be processed as part of the account as long as you have a user account. After deleting the account, your data will be removed from the database, with the exception of data about placed orders.
You can access your personal data processed as part of your account at any time by logging into your user account. After logging in to your account, you can modify your data at any time, as well as delete it, with the exception of data about placed orders. You can also decide to delete your account at any time.
In relation to the data collected in the user’s account of favors you also have the right to transfer the data referred to in art. 20 GDPR.
When placing an order, you must provide the data necessary to process the order, i.e. name and surname, billing address, delivery address, e-mail address, telephone number. Providing data is voluntary, but necessary to place an order.
The data provided to us in connection with the order are processed in order to fulfill the order (Article 6 (1) (b) of the GDPR), issue an invoice (Article 6 (1) (c) of the GDPR), include the invoice in my accounting documentation (Article 6 (1) (b) of the GDPR). 6 (1) (c) of the GDPR) and for archival and statistical purposes (Article 6 (1) (f) of the GDPR).
The data contained in the order placed via the store are processed as part of the shoper platform and the iFirma invoicing platform in order to issue a sales document.
Information about orders will be processed for the time necessary to perform the order, and then until the expiry of the limitation period for claims under the contract. In addition, after this deadline, the data may still be processed by me for statistical purposes. Also remember that we have an obligation to store invoices with your personal data for a period of 5 years from the end of the tax year in which the tax obligation arose.
In the case of order information, you cannot rectify this data after the order has been processed. You also cannot object to the processing of data and demand the deletion of data until the expiry of the limitation period for claims under the contract. Similarly, you cannot object to the processing of data and request the deletion of data contained in invoices. After the expiry of the limitation period for claims under the contract, you can, however, object to the processing of your data by me for statistical purposes, as well as request the removal of your data from my database.
In relation to the information about orders, you also have the right to transfer the data referred to in art. 20 GDPR.
If you want to subscribe to the newsletter, you must provide us with your e-mail address via the newsletter subscription form.
The data provided to us when subscribing to the newsletter is used to send you a newsletter, and the legal basis for their processing is your consent (Article 6 (1) (a) of the GDPR) expressed when subscribing to the newsletter.
The data is processed as part of the MailerLite mailing system and stored on a server provided by MailerLite.
The data will be processed for the duration of the newsletter, unless you unsubscribe earlier, which will delete your data from the database.
You can correct your data stored in the newsletter database at any time, as well as request their removal by resigning from receiving the newsletter. You also have the right to transfer the data referred to in art. 20 GDPR.
By contacting us via e-mail, including sending an inquiry via the contact form, you naturally provide us with your e-mail address as the sender’s address. In addition, you can also include other personal data in the text of the message.
In this case, your data is processed in order to contact you, and the basis for processing is art. 6 sec. 1 lit. a GDPR, i.e. your consent resulting from initiating contact with us. The legal basis for processing after the end of contact is the justified purpose of archiving correspondence for internal purposes (Article 6 (1) (c) of the GDPR).
Cookies and other tracking technologies
Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by our ICT system.
Cookies can be divided into own cookies and third-party cookies.
See below for more details.
Consent to cookies.
Own cookies. We use our own cookies to ensure the proper operation of the website, in particular to recognize the user during the next visit to the website, in order to improve and personalize the website, log in to the user’s account and remember preferences.
Marketing. We use marketing tools such as Facebook Pixel to target ads to you. This is related to the use of Facebook cookies.
We use Google AdWords remarketing tools. This is related to the use of Google LLC cookies for the Google AdWords service.
More information on cookies is available at www.wszystkoociasteczkach.pl or in the “Help” section in the browser’s menu.
Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.
Logs include Your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server.
The data stored in the server logs are not associated with specific people using the website and are not used by me to identify you.
The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.