This document sets out the rules for the processing and protection of the personal data of Customers of the Online Store available at https://
- The owner of the Online Store and the administrator of the personal data of customers (individuals) and users is the company Shamanka – Magdalena Widzińska, KvK – 71367071, BTW – NL780608148B01, Tel. +31616989127, E-mail: firstname.lastname@example.org, hereinafter referred to as the Administrator, who is also the Seller.
- Personal data collected by the Administrator through the Online Store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (OJ L No 119, p. 1) (General Data Protection Regulation, GDPR) and with other data protection law currently in force, i.e. in force throughout the processing period of the data concerned. Personal data means information about an identified or identifiable natural person (hereinafter referred to as Personal Data). An identifiable natural person is a person who can be identified directly or indirectly, in particular on the basis of an identifier such as name, identification number, internet ID, location data, or one or more specific factors determining the physical, genetic, mental, economic, cultural or social identity of a natural person.
- The Administrator takes special care to respect the privacy of customers visiting his Online Store.
§ 1 Type of data processed, purposes and legal basis
- The Administrator collects information concerning natural persons carrying out a legal act not directly related to their activities, natural persons carrying out economic or professional activities in their own name, and natural persons representing legal persons or organizational units that are not legal persons but to which the law confers legal capacity and which carry on an economic or professional activity in their own name, hereinafter referred to as Clients.
- The purposes of the processing of Clients’ Personal Data by the Administrator are in particular:
a) registering an account in the Online Store, in order to create an individual account and manage this account. Legal basis – necessary for the performance of the contract for the provision of the Account service – Art. 6(1)(b) GDPR;
b) placing an order in the Online Store for the performance of the contract of sale. Legal basis – necessary for the performance of the contract of sale – Art. 6(1)(b) GDPR;
c) subscription to the Newsletter, for the purpose of performance of the contract, the subject of which is a service provided electronically. Legal basis – consent of the data subject to the performance of the contract for the provision of the newsletter service – Art. 6(1)(a) GDPR.
- When registering an account for the Newsletter service in the Online Store, the Customer provides the following data:
(a) e-mail address.
- When placing an order in the Online Store, the Customer provides the following data:
(a) the e-mail address;
(b) address details: postcode and city, country, street, home/apartment number;
(d) the phone number.
- Traders shall provide the above and additionally:
(a) The Trader’s company name;
(b) the Tax ID number.
- When using the Newsletter service, the Customer provides data:
(a) the e-mail address;
(b) the telephone number.
- Additional information may also be retrieved when using the Online Store, including: the IP address assigned to the Client’s computer or the external IP address of the Internet provider, domain, browser type, access time, operating system type.
- Navigational data may also be collected from Customers, including information about the links they choose to click on or other activities performed in our Online Store. The legal basis – legitimate interest – Art. 6(1)(f) GDPR, enabling better use of electronically supplied services.
- In order to determine, pursue and enforce claims, certain personal data provided by the Client as part of the use of functionalities may also be processed, including: name, surname, data on the use of services, if claims arise from the manner in which the Customer uses the services, and other data necessary to prove the existence of the claim, including the extent of the damage suffered. The legal basis – legitimate interest – Art. 6(1)(f) GDPR, consisting in the establishment, investigation and enforcement of claims and in the defense against claims in proceedings before courts and other state bodies.
- Personal data collected by the Administrator is voluntarily provided to him, in connection with the sales agreements concluded or the provision of services through the Online Store, provided that failure to provide the data specified in the data forms in the registration process prevents registration and creation of a Customer Account, and in the case of placing an order without registration of the Customer Account, it will prevent the placing and execution of the order.
§ 2 To whom we can transfer your data and how long it is stored
- The list of recipients of Personal Data processed by the Administrator results primarily from the scope of the services used by the Client. Customer’s personal data is transferred to service providers used by the Administrator when running the Online Store. The service providers of the Administrator to whom personal data are transferred, depending on contractual arrangements and circumstances, either are subject to the instructions of the Administrator as to the purposes and means of processing such data (processors) or independently define the purposes and methods of their processing (administrators).
a) Processors – The Administrator uses providers who process personal data only on the instructions of the Administrator and are, inter alia, providers of hosting or ICT services, accounting services, providing systems for marketing, internet store traffic analysis systems, systems for analyzing the effectiveness of marketing campaigns, marketing campaign companies, software service companies.
b) Administrators – The Administrator also uses suppliers who do not act solely on its instructions and determine the purposes and means of using customer personal data. They provide electronic payment services and banking services.
- Location – Service providers are established in Poland and other countries of the European Economic Area (EEA).
- Customer personal data is stored:
a) In the event that the basis of the processing of personal data is consent, the Personal Data of the Client is processed by the Administrator until the consent is revoked. After its withdrawal, personal data shall be stored for a period corresponding to the limitation period for claims which the Controller may raise and which may be raised against him. Unless otherwise provided in a specific provision, the limitation period shall be 10 years and for claims for periodic benefits and claims relating to the pursuit of an economic activity 3 years.
b) In the event that the basis of data processing is the performance of the contract, then the Personal Data of the Client is processed by the Administrator for as long as it is necessary for the performance of the contract. After this time, personal data are processed for a period corresponding to the limitation period for claims. Unless otherwise provided in the special provisions, the limitation period shall be 10 years, for claims for periodic benefits and claims related to the conduct of business 3 years.
- In the event of a purchase in the Online Store, personal data may be transferred, depending on the customer’s choice, to the following entities, in order to deliver the products ordered in the Online Store:
Post.nl in the Netherlands
- In the event that the Online Store Customer chooses payment through the iDeal payment system, his personal data is transferred to the extent necessary for the implementation of payments to ING Bank based in the Netherlands.
- Navigational personal data may be used to provide customers with better service, analysis of statistical data and adapt the Online Store to customers’ preferences and to administer the Online Store.
- In the event that the Customer selects the Newsletter subscription service, the Administrator will send information to his or her mobile phone address or SMS, containing commercial information about promotions, discounts, new products available in its Online Store.
- Upon request, the Controller makes the data available to the authorized state authorities, in particular the organizational units of the Public Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
§ 3 Cookies, IP addresses and server logs
- The cookies used by the Administrator are primarily used to optimize the service of visitors when using the Online Store and give the opportunity to develop statistics of visits to the products presented in the Online Store. These files are stored by the Administrator on the end device of the visitor visiting the Online Store, if the web browser allows it. Cookies usually contain the name of the domain from which they originate, their “expiry time” and an individual randomly selected number identifying these cookies.
- Two types of cookies are used:
a) Session cookies – after the end of the browser session or the shutdown of the computer, the stored information is deleted from the memory of the device. The session cookies mechanism does not allow the collection of any personal data or any confidential information from clients’ computers;
b) Persistent cookies – are stored in the memory of the Customer’s terminal device and remain until they are deleted or expire. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from the Clients’ computer.
- The administrator uses own cookies to:
a) authenticate the Customer in the Online Store and maintain the Customer's session after logging in to the Customer Account;
b) produce anonymous statistics and analyses that help understand how Customers use the Online Store.
- The administrator uses external cookies to:
a) collect static data through Google Analytics analytics tools – external cookie administrator: Google Inc. based in the USA;
b) display advertising from Google AdSense – administrator of external cookies: Google Inc. based in the USA;
c) promote the Online Store on Facebook.com – administrator of external cookies: Facebook Inc. with its registered office in the USA or Facebook Ireland based in Ireland;
d) provide an online platform dedicated to customer service: Zendesk, based in San Francisco, California, United States.
- The mechanism of cookies is completely safe for the computers of customers of the Online Store. The Customer can independently and at any time change the settings for cookies, specifying the conditions for their storage and access by cookies to his device. Changes to the settings in question may be made by the Customer using the settings of the web browser. These settings may be changed in particular in such a way as to block the automatic handling of cookies in the settings of the web browser or to inform about each posting of Cookies on the Customer’s Device. Detailed information about the possibilities and methods of handling cookies is available in the settings of your web browser. Blocking cookies may affect some of the functionalities available in the Online Store.
- The Administrator may collect the IP addresses of clients. An IP address is the number assigned to the computer of the visitor visiting the Online Store by the Internet service provider. The IP address is used by the Administrator to diagnose technical problems with the server, create statistical analyses and improve the Online Store.
- The Online Store contains links to other websites on the Internet and the Administrator is not responsible for the privacy policies of these websites.
- Server Logs – Information about some user behavior is logged at the server layer. This data is used solely for the purpose of administering the service and in order to ensure the most efficient operation of the hosting services provided.
- The viewed resources are identified by URLs. In addition, the following may be recorded:
(a) the time of the inquiry,
(b) the time when the response was sent,
(c) the name of the client station – identification carried out via the HTTP protocol,
(d) information about the errors that occurred in the execution of the HTTP transaction,
(e) the URL of the website previously visited by the user (referer link) – in case the passage to the Service has been made by a link,
(f) information about the user’s browser,
(g) information on the IP address.
- The above data are not associated with specific page-viewing persons.
- This data is used only for the purpose of administering the server.
§ 4 Rights and obligations of the data subject
- The right to withdraw consent – the legal basis of Art. 7(3) GDPR.
a) The Customer has the right to withdraw any consent given to the Administrator.
b) Withdrawal of consent has effect from the moment of withdrawal of consent.
c) Withdrawal of consent does not essentially affect the processing carried out by the Administrator in accordance with the law before its withdrawal.
d) Withdrawal of consent does not cause any negative consequences for the Customer of the Online Store, but may prevent the continued use of services or functionalities, which may only be provided with consent.
- The right to object to data processing – the legal basis of Art. 21 GDPR.
a) The Client has the right at any time to object to the processing of his/her personal data, including profiling, if the Controller processes his data on the basis of a legitimate interest, e.g. marketing of products and services, conducting statistics of the use of individual functionalities of the Online Store and facilitating the use of the Online Store, and testing customer satisfaction.
b) Resigning from receiving commercial communications regarding products or services, sent by e-mail, will constitute the Client's objection to the processing of his/her personal data, including profiling for these purposes.
c) If the Client’s objection proves to be reasonable and the Administrator has no other legal basis for the processing of personal data, the Client’s data against the processing of which the Client has filed this objection will be deleted.
- The right to erasure, the right to be forgotten – the legal basis of Art. 17 GDPR.
a) The Customer has the right to send a request for the deletion of all or some personal data.
b) The Customer has the right to request the deletion of personal data if:
- personal data are no longer necessary for the purposes for which they were collected or for which they were processed;
- the Customer withdrew his consent, to the extent that the Customer’s data was processed on the basis of his consent;
- the Customer objects to the use of his data for commercial or marketing purposes;
- personal data is unlawfully processed;
- personal data must be deleted in order to comply with the legal obligation provided for by Union law or the law of the Member State to which the Administrator is subject;
- personal data has been collected in connection with the provision of information society services.
c) Despite the request for the deletion of personal data, in connection with the objection or withdrawal of consent, the Controller may retain some personal data to the extent that the processing is necessary for the establishment, investigation or defense of claims, as well as to comply with a legal obligation requiring them to be processed under Union law or the law of the Member State to which it is subject.
- The right to restrict data processing – the legal basis of Art. 18 GDPR.
a) The Customer of the Online Store has the right to request restriction of the processing of his data. Such a request shall prevent the use of certain functionalities or services that will involve the processing of the data covered by that request.
b) The Customer of the Online Store has the right to request a restriction of the use of personal data in the following situations:
- where the Customer questions the correctness of his personal data – the Administrator then limits their use for the time it takes to verify the correctness of this data;
- where the processing is unlawful and the Customer does not request the deletion of the data but a restriction on their use;
- where the Customer’s personal data is no longer necessary for the purposes for which they were collected or used but are needed by the Client to establish, assert or defend claims;
- where the Customer has objected to the use of his data – the restriction is then made for the time needed to consider whether, due to the particular situation, the protection of the interests, rights and freedoms of the Client outweighs the interests pursued by the Administrator in processing the Customer’s data.
- The right of access to data – the legal basis of Art. 15 GDPR.
a) The Client has the right to obtain from the Administrator confirmation whether he processes his personal data, and if so, the Client has the right to:
- access his personal data;
- obtain information about the purposes of processing and recipients or categories of recipients of this data, the planned retention period or the criteria for determining that period, the rights of the Customer under the GDPR and the right to lodge a complaint with the supervisory authority, the source of the data, automated decision-making, including profiling, and the safeguards used in connection with the transfer of such data outside the European Union;
- obtain a copy of his personal data.
- The right to rectification – legal basis of Art. 16 GDPR.
a) The Client has the right to request from the Administrator without delay the rectification of his personal data, which is incorrect. Taking into account the purposes of processing, the Client has the right to request completion of incomplete personal data, including by providing an additional statement, sending an e-mail to the Administrator’s e-mail address.
- The right to data portability – the legal basis of Art. 20 GDPR.
a) The Client has the right to receive his data, which he provided to the Administrator, and then send it to another controller of personal data chosen by himself. The Client of the Online Store also has the right to request that the personal data indicated by him be sent directly by the Administrator to such an administrator, if technically possible. In this situation, the Administrator will send such Customer data in the CSV file format, which is a commonly used format.
- In the event that the Client makes a request under the rights described above, the Administrator shall have the right to comply with or refuse it, and will do so immediately.
- The Client has the right to submit complaints, inquiries and requests regarding the processing of his personal data and the exercise of his rights.
- The Client has the right to request from the Administrator to provide copies of the standard contractual clauses by sending an inquiry to the e-mail address of the Administrator.
- You have the right to lodge a complaint with the President of the Office for Personal Data Protection in the event of a violation of your rights to the protection of personal data or other rights granted under the GDPR.
§ 5 Security of Personal Data
(a) apply the technical and organisational measures required by law, in particular as regards the security of the processing of Personal Data;
(b) apply measures to ensure the continuous confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to quickly restore the availability and access of Personal Data in the event of a physical or technical incident;
d) provides Customers of the Online Store with a secure and encrypted connection when transferring personal data and when logging into the Customer Account using an SSL certificate.
- Any incident affecting the security of the transmission of information or personal data, including suspected sharing of files containing viruses, should be reported to the Administrator by e-mail at email@example.com.
§ 6 Final provisions