PRIVACY POLICY
This Privacy Policy describes the principles of processing of personal data collected by our online shop TRÉCE STORE, the company Zuzanna Kuchajewicz, based in Warsaw, Mehoffera 43D, 03-131, NIP 5242986993, hereinafter referred to as the Administrator, and the use of cookies.
1. Personal data
1.1 The administrator of the personal data is Zuzanna Kuchajewicz (TRÉCE STORE), based in Warsaw. Personal data are processed in accordance with applicable Polish law and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (RODO).Official text of the RODO Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
2. Principles of personal data processing
2.1 The controller may process personal data if at least one of the following conditions is met:
– The data subject has given his/her consent to the processing of his/her personal data for a specific purpose.
– The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
– Processing is necessary for the fulfilment of a legal obligation incumbent on the Controller.
– Processing is necessary for the purposes of the legitimate interests of the Controller or of a third party, provided that these interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The controller must always have at least one of these grounds to process personal data. The specific grounds for processing for different purposes are detailed in the following sections of the privacy policy.
2.2. Users’ personal data are processed in accordance with the law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. (RODO).
3. Scope and purpose of personal data processing
3.1. The purpose of the data processing mainly includes the performance of sales contracts or electronic service contracts, the performance of marketing activities, the collection of customer opinions, the maintenance of tax records, the establishment, assertion or defence of claims and ensuring the proper operation of the online shop website.
3.2.The legal basis for processing varies depending on the purpose of the processing. In the case of the performance of sales or electronic service contracts and the collection of customer feedback, the legal basis is Article 6(1)(b) of the DPA, which covers the necessity of the processing for the performance of the contract or for pre-contractual action. On the other hand, in the case of direct marketing, tax record-keeping, establishing, asserting or defending claims and ensuring the proper operation of the online shop website, the legal basis is Article 6(1)(f) RODO, which refers to the controller’s legitimate interest.
3.3.The duration of data storage also varies depending on the purpose of the processing. Normally, data are kept for the period necessary to fulfil the purpose in question, as well as for the period required by law. For example, data relating to sales contracts are kept until the contract is performed, terminated or expires, while data needed for tax records are kept until required by tax law.
3.4.If data are processed for marketing purposes on the basis of the customer’s consent, the data are stored until the data subject withdraws consent. Similarly, if the customer consents to the processing of data for the purpose of providing feedback on a concluded contract, the data are stored until the consent is withdrawn.
3.5.Any data stored is also deleted after the expiry of the limitation period for claims, unless otherwise provided by law. For business purposes, the basic limitation period for claims is three years and for sales contracts it is two years.
4. Legal grounds for data processing
4.1.
The Administrator uses the services of various third parties, such as software providers, couriers, payment processors and technical service providers. The following are examples of the categories of recipients of personal data of Service Recipients and Customers of the Online Shop:
Carriers, freight forwarders, courier brokers and entities handling the warehouse and/or shipping process: The Administrator makes the Customers’ personal data available to selected carriers or freight forwarders in order to carry out the delivery of the products. This is particularly necessary if the customer chooses courier or postal delivery.
– Entities handling electronic or card payments: When customers use electronic or payment card payment methods, the Administrator transfers the customers’ personal data to the selected entities that handle these payments on the Online Shop.
– Technical, IT and organisational service providers: The Administrator shall make customers’ personal data available to selected suppliers who provide the technical, IT and organisational solutions necessary to operate the Online Shop and provide Electronic Services.
– Accounting, legal and advisory service providers: In order to provide accounting, legal or advisory support, the Administrator shares customers’ personal data with selected providers such as accounting firms, law firms or debt collection companies.
– Providers of social plug-ins, scripts and other tools: The Administrator places social plug-ins and other tools on the website of the Online Shop that allow the visitors’ browser to download content from the providers of the aforementioned plug-ins. For this purpose, visitors’ personal data may be transmitted to these providers.
The Administrator shall ensure that the personal data transferred are kept to the necessary minimum and comply with the principles of this privacy policy.
5. Data storage
5.1. Users’ personal data will be stored for no longer than is necessary for the purposes for which they were collected, and thereafter for the period required by applicable law (e.g. tax and accounting regulations).
6. Users’ rights
6.1. The user has the right to:
– Access to your personal data
– Correction of your personal data
– Deletion of your personal data
– Restriction of processing of your personal data
– Portability of your personal data
– Objection to the processing of your personal data
– To withdraw your consent to the processing of your personal data at any time
6.2. In order to exercise his/her rights, the User may contact the Data Controller using the following email address: kontakt@trece-store.com.
7. Sharing of personal data
7.1. Users’ personal data may be shared with:
– To entities processing data on behalf of the Administrator, e.g. IT service providers, courier companies, payment operators – on the basis of relevant contracts
– Public authorities, if required by applicable law
8. Security of personal data
8.1 The Administrator shall apply appropriate technical and organisational measures to ensure the security of the Users’ personal data and to protect them against unauthorised access, loss, destruction or modification.
9. Cookies
According to Polish law, cookies are defined as small text information in the form of files which are sent by a server and stored on the side of the person visiting the website of the Online Shop. They can be stored on various devices, such as computers, laptops or smartphones, depending on the device used by the user visiting the website.
The cookies that may be used by the Administrator’s website may be divided into different types according to several criteria:
9.1. By provider:
– Proprietary: Created by the site of the Online Shop, i.e. by the Administrator.
– Owned by third parties/entities: Cookies created by entities other than the Administrator.
9.2. By period of storage on the user’s device:
– Sessional: Stored until you log out of the Online Shop or switch off your web browser.
– Permanent: Stored for a specific period of time, which is defined by the parameters of each cookie or until they are manually deleted.
9.3. According to the purpose of their use:
– Necessary: Enabling the proper functioning of the Online Shop website.
– Functional/preferential: Enabling the adaptation of the website of the Online Shop to the user’s preferences.
– Analytical and performance: Gathering information about the use of the website of the Online Store.
– Marketing, advertising and social: Collecting information about users in order to display advertisements, personalise them and carry out marketing activities.
9.4. The administrator may process the data contained in cookies for various purposes, such as identifying users as logged in, remembering products added to the shopping cart, adapting the content of the website to the user’s preferences, keeping anonymous statistics on the use of the website and displaying and rendering advertisements.
9.5. The user can check what cookies are being sent by the Online Shop website at any given time by means of browser settings or tools available online. Most web browsers accept cookies by default, but the user can change these settings to restrict or disable the storing of cookies.
9.6. The Administrator may also use Google Analytics services to analyse traffic on the Online Shop. The data collected by these services are processed to generate statistics to help administer the Online Shop and analyse traffic.
9.7. Visitors to the Online Shop can block information about their activity on the website from being made available to Google Analytics by installing the appropriate browser add-on provided by Google Ireland Ltd.For full details of how Google Ireland Ltd processes data about visitors to the Online Shop, please refer to Google’s service privacy policy.
10. Changes to the Privacy Policy
10.1 The Administrator reserves the right to make changes to this Privacy Policy. Users will be informed of any changes by posting appropriate notices on the shop’s website.
11. Contact
11.1. If you have any questions about this Privacy Policy or the processing of your personal data, you may contact the Data Controller via the following email address: kontakt@trece-store.com.