PRIVACY AND COOKIES POLICY
part I – definitions relating to the protection of personal data;
part II – information about the processing of personal data;
part III – information about the rights of data subjects (next “Customers“);
part IV – policy relating to the cookies.
personal data – all information relating to an identified or identifiable natural person;
identifiable person – a person whose identity can be identified directly or indirectly, e.g. by reference to an identification number or a factor that defines his physical, physiological, mental, economic, cultural or social characteristics;
processing of personal data – it is any operation on personal data, including collecting, recording, storing, developing, changing, sharing, deleting, copying;
personal data administrator – it is an entity that determines the purposes and means of processing personal data and is responsible for their processing in according to the law.
II. INFORMATION ON THE PROCESSING OF PERSONAL DATA
1) PERSONAL DATA ADMINISTRATOR
The administrator of customer’s personal data is Patrycja Tachmańska leading a business called Decoria Studio Patrycja Tachmańska, ul. Stanisława Dubois 12 lok. 30B, 00-188 Warszawa, NIP: 8241754874, called next “Administrator“.
2) PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
The purposes of processing customer’s personal data are:
- sending commercial information, including making automated decisions based on profiling (in order to automatically adjustment offers and discounts) – based on the Customer’s consent (Article 6 (1) (a) GDPR);
- setting up an account in online shop operated through the Website (decorative accessories rental and interior design shop) and the realizations of orders – based on the legitimate interest of the Administrator (Article 6 (1) (c) and (f) GDPR);
- considering complaints and answering customer inquiries – based on the legitimate interest of the Administrator (Article 6 (1) (c) and (f) of the GDPR).
Providing personal data by the Customer is voluntary, but necessary in order to use the Website.
3) CATEGORIES OF PROCESSED PERSONAL DATA
To achieve the goals, which are in point 2) above, the following categories of Customer’s personal data are processed:
- name and surname;
- e-mail address;
- telephone number;
- PESEL (in the case of consumers);
- NIP (in the case of persons leading a business).
4) PERSONAL DATA RECIPIENTS
The recipients of personal data as part of the realizations of the ordered services and granted consents can be the following entities:
- subcontractors who provide services in the field of software, software maintenance or equipment used to process personal data;
- entities implementing marketing campaigns;
- entities providing hosting services;
- legal service entities;
- other entities with which the Administrator has concluded entrustment agreements, on the basis of which third parties process personal data on behalf of the Administrator (in particular an accounting office, transport company);
- in according to the regulations of online shop operating through the Website (decorative accessories rental and interior furnishing shop), in order to fulfill orders, customer’s personal data may be transferred to the necessary extent to third parties carrying out the delivery of orders and handling electronic payments.
Your personal data may be transferred to recipients located in countries outside the European Economic Area (European Union countries and Iceland, Liechtenstein and Norway). This is related to the Administrator’s use of IT services from Google Inc. based in the United States of America and social networks (Instagram, Facebook, Pinterest, YouTube, LinkedIn), which the headquarters is in the USA.
5) PERIOD OF STORAGE OF PERSONAL DATA
If the basis for the processing of your personal data is the performance of the contract (fulfillment of orders), your personal data will be stored as long as it is necessary to use the account in online shop, fulfill orders and prepare a response to an inquiry or complaint, and no longer than until the account is deleted, the complaint is considered or the claims are time-barred, depending on which event will be later.
If the basis for the processing of your personal data is your consent (newsletter), your personal data will be processed until your voluntary consent is withdrawn.
6) AUTOMATED DECISION MAKING
Your personal data may be used to make decisions that are based only on automated processing, including profiling, and have legal effects on you or similarly significantly affect them.
If you have given separate consent for this, the Administrator will automatically adapt appropriate content to his profile, e.g. offers and discounts based on profiling, which consists in using personal data to analyze or forecast aspects of personal preferences and interests. Automated decisions will be made based on, inter alia, for your previous purchasing decisions. This will enable better adjustment of the offer to your needs.
III. INFORMATION ABOUT THE RIGHTS OF PERSONS WHO DATA CONCERN
1) RIGHTS OF PERSONS WHO THE DATA CONCERNS
According to the GDPR, from May 25, 2018, you have the following rights:
Data subject right
What does it mean
a) The right of access
– You have the right to access information processed by the Administrator.
– You have the right to obtain a copy of your personal data processed by the Administrator.
b) The right to rectify data
– You have the right to request the correction of your data if it is incorrect or incomplete.
c) The right to delete data (the right to “be forgotten”)
– You have the right to request the deletion of your data in cases where there is no important reason for their further use by the Administrator.
d) The right to restriction of processing
– You have the right to ‘block’ or limit any further use of your data in certain circumstances. If the processing is limited, the Administrator may still store your data, but has no right to use it.
e) The right to data portability
– You have the right under certain circumstances to receive and reuse your personal data in a structured, commonly used and machine-readable format.
– You have the right to request that your personal data be sent by the Administrator directly to another administrator, if technically possible.
The administrator is obliged to provide you with appropriate information without undue delay and in any case within one month of receiving the request. If necessary, this period may be extended by another two months due to the complexity of the request or the number of requests.
2) RIGHT TO OBJECT
You have the right to object to the processing of your personal data due to the fact that the processing takes place on the basis of the legitimate interest of the Administrator.
This means that if you object to the processing, the Administrator will stop processing your personal data, unless the Administrator demonstrates the existence of important legally grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defense of claims.
The right to object does not apply to such processing of personal data, the basis of which is the performance of the contract (it can be terminated), consent (it can be withdrawn) or a legal obligation.
3) RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
You have the right to lodge a complaint with the supervisory body – the President of the Personal Data Protection Office (contact details: https://uodo.gov.pl/pl/p/kontakt).
The collected information relates to the IP address, type of browser used, language, type of operating system, Internet service provider, information about the time and date, location and information sent to the website through the contact form.
The collected data is used to monitor and check how customers use the Website to improve the functioning of the website, providing more effective and problem-free navigation. We monitor user information using the Google Analytics tool that records customer behavior on the website.
We use the following cookies on our website:
- “necessary” cookies, enabling the use of services available on the website, e.g. authentication cookies used for services that require authentication on the website;
- cookies used to ensure security, e.g. used to detect fraud in the field of authentication within the website;
- “performance” cookies, enabling the collection of information on how the website pages are used;
- “functional” cookies, enabling “remembering” the settings selected by the user and personalizing the user interface, e.g. in terms of the language or region the user comes from, font size, website appearance, etc .;
- “advertising” cookies, enabling the delivery of advertising content to users more adjusted to their interests;
The user may at any time disable or restore the option of collecting cookies by changing the settings in the web browser. Instructions for managing cookies are available at http://www.allaboutcookies.org/manage-cookies.