1.
GENERAL PROVISIONS
1.1. This Privacy Policy of the Online Store is for
informational purposes, which means that it does not constitute a source of
obligations for Service Recipients or Customers of the Online Store. The
privacy policy primarily contains the rules related to the processing of
personal data by the Administrator in the online store, including the basis,
purposes and scope of personal data processing and the rights of data subjects,
as well as information on the use of cookies and analytical tools in the online
store.
1.2. The administrator of personal data collected via
the Online Store is DI HELEN with its registered office at Sodowa 19/26 30-376 Kraków and e-mail address: support@dihelen.pl - hereinafter referred to
as the "Administrator" and which is also the Service Provider of the
Online Store and the Seller.
1.3. Personal data in the
online store are processed by the Administrator in accordance with applicable
law, in particular in accordance with Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and regarding free
movement of such data, as well as repealing Directive 95/46/EC (General Data
Protection Regulation) - hereinafter referred to as "GDPR" or
"GDPR". The official text of the GDPR Regulation:http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4. Using the online store,
including making purchases, is voluntary. Similarly, providing personal data by
the Customer or Customer using the Online Store is voluntary, subject to two
exceptions: (1) concluding contracts with the Administrator - failure to
provide them in cases and to the extent specified in the Regulations of the
Online Store Website and in the Regulations of the Online Store and this
privacy policy personal data, necessary to conclude and perform a sales
contract or a contract for the provision of electronic services with the
Administrator, lead to the inability to conclude this contract. Providing
personal data is a contractual requirement in this case and if the data subject
wants to conclude this contract with the Administrator, he or she is obliged to
provide the necessary data. Each time, the amount of data necessary to conclude
a contract is specified in advance on the online store website and in the
Online Store Regulations; (2) statutory obligations of the Administrator -
providing personal data is a legal requirement resulting from generally
accepted legal provisions imposing an obligation on the Administrator to
process personal data (for example, data processing for the purpose of keeping
tax or accounting books), and failure to provide them will not enable the
Administrator to fulfill these obligations .
1.5. The Administrator takes
special care to protect the interests of persons whose personal data he
processes, and in particular he is responsible and guarantees that the data collected
by him: (1) are processed in accordance with the law; (2) collected for
specified lawful purposes and not subjected to further processing that is
incompatible with those purposes; 3) substantively correct and adequate in
relation to the purposes for which they are processed; (4) stored in a form
enabling the identification of relevant persons for a period no longer than
necessary to achieve the purpose of processing, and (5) processed in a manner
that ensures appropriate security of personal data, including protection
against unauthorized or unlawful processing and accidental loss, destruction or
damage using appropriate technical or organizational means.
1.6. Taking into account the
nature, scope, context and purposes of processing as well as the risk of
varying likelihood and severity of violating the rights and freedoms of natural
persons, the Administrator applies appropriate technical and organizational
measures to ensure that processing is carried out in accordance with these
Regulations. regulation and can demonstrate it. These measures should be kept
under review and updated as necessary. The Administrator uses technical
measures to prevent unauthorized persons from receiving and modifying personal
data sent electronically.
1.7. All words, expressions
and abbreviations appearing in this privacy policy and beginning with a capital
letter (e.g. Seller, Online Store, Electronic Service) should be understood in
accordance with their definition contained in the Online Store Regulations
available on the Online Store website.
2. BASIS OF DATA PROCESSING
2.1. The Administrator has the
right to process personal data in cases and to the extent that at least one of
the following conditions is met: (1) the data subject has consented to the
processing of his or her personal data for one or more specific purposes; (2)
processing is necessary for the performance of a contract to which the data
subject is party or to take steps at the request of the data subject before
concluding the contract; (3) processing is necessary to fulfill the legal
obligation imposed on the Administrator; or (4) processing is necessary for the
purposes of the legitimate interests pursued by the Administrator or a third
party, unless these interests outweigh the interests or fundamental rights and
freedoms of the data subject requiring protection of personal data, in
particular if the data subject the data concerns, is a child
2.2. The processing of
personal data by the Administrator requires each time at least one of the
grounds indicated in point. 2.1 privacy policy. The specific basis for the
processing of Personal Data of Service Recipients and Customers of the online
store by the Administrator is indicated in the next point of the privacy policy
- regarding the purpose of processing personal data by the Administrator.
3. PURPOSE, BASIS, DEADLINE AND SCOPE OF DATA
PROCESSING IN THE ONLINE STORE
3.1. Each time, the purpose,
basis, deadline and scope as well as the recipients of personal data processed
by the Administrator result from the activities undertaken by this Service
Recipient or Customer in the Online Store. For example, if the Customer decides
to make purchases in the online store and chooses personal collection of the
purchased Goods instead of courier delivery, his or her personal data will be
processed for the purpose of implementing the concluded Sales Agreement, but
will no longer be available to the carrier at the request of the Administrator.
3.2. The administrator may
process personal data in the online store for the following purposes, on the
following grounds, during the periods and to the following extent:
|
Purpose
of data processing |
Legal basis for processing and data storage period |
The amount of data processed |
|
Execution of a sales contract or contract for the provision
of electronic services or taking action at the request of the data subject
before concluding the above-mentioned. contracts |
Art. 6 section 1 letter b) GDPR Regulations
(performance of the contract) The data is stored for the period necessary to perform,
terminate or otherwise expire the concluded contract. |
Maximum range: name and surname; e-mail adress;
telephone contact number; delivery address (street, house number, apartment
number, postal code, city, country), address of residence/business/registered
office (if different from the delivery address). In the case of Service Recipients or Customers who
are not consumers, the Administrator may additionally process the company
name and tax identification number (NIP) of the Service Recipient or Customer. This assortment is maximum - in the case of, for
example, personal collection, there is no need to provide the delivery
address. |
|
direct
marketing |
Art. 6 section 1 letter f GDPR (legitimate interest
of the administrator) The data is stored for the duration of the legally
justified interest pursued by the Administrator, but no longer than the
period of limitation of claims against the data subject in connection with
the business activity conducted by the Administrator. The limitation period
is determined by legal provisions, in particular the Civil Code (the main
limitation period for commercial matters is three years, and for sales
contracts, two years). The administrator may not process data for direct
marketing purposes in the event of an effective objection in this respect by
the data subject. |
e-mail
adress |
|
Marketing |
Article 6(1) 1 letter a) GDPR Regulations (consent) The data is stored until the data subject withdraws
consent to further processing of his or her data for this purpose. |
Name and surname, e-mail address |
|
Expressing the Customer's request regarding the
concluded Sales Agreement |
Article 6(1) 1 letter a) GDPR The data is stored until the data subject withdraws
consent to further processing of his or her data for this purpose. |
e-mail
adress |
|
Bookkeeping |
art. 6 section 1 letter c GDPR in connection with
joke. 74 section 2 of the Accounting Act, i.e. from January 30, 2018 (Journal
of Laws 2018, item 395) The data is stored for the period provided for by
legal provisions that impose on the Administrator the obligation to keep tax
books (until the expiry of the tax liability limitation period, unless tax
regulations provide otherwise) or accounting books (5 years, counting from
the beginning of the year following the financial year of which data
applies). |
First name and last name; address of
residence/business/registered office (if different from the delivery
address), company name and Tax Identification Number (NIP) of the Customer or
Customer |
|
Determining, pursuing or defending claims that may
be raised by the Administrator or that may be raised against the
Administrator |
Article 6(1) 1 letter f GDPR The data is stored for the duration of the legally
justified interest pursued by the Administrator, but no longer than the
period of limitation of claims against the data subject in connection with
the business activity conducted by the Administrator. The limitation period
is determined by legal provisions, in particular the Civil Code (the main
limitation period for commercial matters is three years, and for sales
contracts, two years). |
First name and last name; telephone contact number;
e-mail adress; delivery address (street, house number, apartment number,
postal code, city, country), address of residence/business/registered office
(if different from the delivery address). In the case of Service Recipients or Customers who
are not consumers, the Administrator may additionally process the company
name and tax identification number (NIP) of the Service Recipient or
Customer. |
4. RECIPIENTS OF DATA IN THE
ONLINE STORE
4.1. For the proper
functioning of the online store, including the implementation of concluded
sales contracts, the Administrator must use the services of external entities
(such as e.g. software supplier, courier or payment processor). The
Administrator only uses the services of such processing entities that provide
sufficient guarantees of implementing appropriate technical and organizational
measures so that the processing meets the requirements of the GDPR and protects
the rights of data subjects.
4.2. Data is transferred by
the Administrator not in every specific case and not to all recipients or
categories of recipients indicated in the privacy policy - the Administrator
transfers data only when it is necessary to achieve a given purpose of personal
data processing and only to the extent necessary to achieve it. For example, if
the Customer uses personal collection, his data will not be transferred to the
carrier cooperating with the Administrator.
4.3. Personal data of Service
Recipients and Customers of the Online Store may be transferred to the
following recipients or categories of recipients:
4.3.1. Carriers/Forwarding/courier brokers - in the
case of a Customer who uses the online store to deliver the Goods by post or
courier, the Administrator provides the Customer's collected personal data to
the selected carrier, forwarder or intermediary who carries out the shipment at
the Administrator's request in the amount necessary for delivery. Goods to the Customer.
4.3.2. business entities
making electronic payments or by payment card - in the case of a Customer who
uses the electronic or payment card payment method in the online store, the
Administrator makes the collected personal data of the Customer available to
the selected entity processing the above-mentioned. online payments - stores,
at the Administrator's request, the amount necessary to process the payment
made by the Customer.
4.3.3. public opinion survey
system provider - in the case of a Customer who has agreed to express his or
her opinion on the concluded Sales Agreement, the Administrator provides the
Customer's collected personal data to a selected entity that provides a
research system ensuring conclusions regarding concluded Sales Agreements in
the online store at the request of the Administrator in the amount necessary
for the Customer to express an opinion using the opinion survey system.
4.3.4. service providers
providing the Administrator with technical, IT and organizational solutions
enabling the Administrator to conduct business activities, including the Online
Store and electronic services provided through it (in particular suppliers of
computer software for running the Online Store, e-mail and hosting providers
and suppliers of company management software and providing technical support to
the Administrator) - the Administrator makes the collected personal data of the
Customer available to a selected supplier acting on his behalf, only in the
case and to the extent necessary to achieve a specific purpose of data
processing in accordance with this privacy policy.
4.3.5. providers of
accounting, legal and advisory services that provide the Administrator with
accounting, legal or advisory support (in particular an accounting office, law
firm or debt collection company) - the Administrator makes the collected
personal data of the Customer available to the selected supplier acting on his
behalf, only when and to the extent necessary for the implementation given
purpose of data processing in accordance with this privacy policy.
5. PROFILING IN THE ONLINE STORE
5.1. The GDPR requires the
Administrator to provide information about automated decision-making, including
profiling, as referred to in Art. 22 section 1 and 4 of the GDPR and - at least
in these cases - up-to-date information on the principles of making decisions,
as well as on the importance and expected consequences of such processing for
the data subject. With this in mind, the Administrator informs in this point of
the privacy policy about the possibility of profiling.
5.2. The Administrator may use
profiling in the Online Store for direct marketing purposes, but decisions made
on its basis by the Administrator do not concern the conclusion or refusal to
conclude a Sales Agreement or the possibility of using Electronic Services in
the Online Store. The effect of using profiling in an online store may be, for
example, granting a given person a discount, sending him a discount code,
reminding him about unfinished purchases, sending a Product Offer that may
correspond to the interests or preferences of a given person or offering better
conditions compared to the standard offer of the Online Store. Despite
profiling, this person freely decides whether he wants to take advantage of the
discount obtained in this way or better conditions and make a purchase in the
online store.
5.3. Profiling in an online
store involves the automatic analysis or prediction of human behavior on the
online store's website, e.g. by adding a specific product to the cart, browsing
the page of a specific product in the online store, or analyzing the previous
history of purchases made in the online store. The condition for such profiling
is that the Administrator has personal data of a given person in order to be
able to send him, for example, a discount code.
5.4. The data subject has the
right not to be subject to a decision which is based solely on automated processing,
including profiling, and which produces legal effects concerning him or her or
similarly significantly affects him or her.
6. RIGHTS OF THE DATA SUBJECT
6.1. The right of access,
rectification, restriction, deletion or transfer - the data subject has the
right to request from the Administrator access to his or her personal data,
rectification, deletion ("right to be forgotten") or limitation of
processing and has the right to object to the processing and has the right to
the right to transfer your data. Detailed conditions for the implementation of
the above-mentioned rights are defined in art. 15-21 of the GDPR Regulations.
6.2. The right to withdraw
consent at any time The person whose data is processed by the Administrator on
the basis of consent (in accordance with Article 6(1)(a) or Article 9(2)(a) of
the GDPR) has the right to withdraw consent at any time. at any time without
affecting the lawfulness of processing based on consent before its withdrawal.
6.3. The right to lodge a
complaint with the supervisory authority - the person whose data is processed
by the Administrator has the right to lodge a complaint with the supervisory
authority in the manner and manner specified in the provisions of the GDPR
Regulation and the provisions of Polish law, in particular the Personal Data
Protection Act. The supervisory authority in Poland is the President of the
Personal Data Protection Office.
6.4. Right to object - the
data subject has the right to object at any time - for reasons related to his
or her particular situation - to the processing of personal data concerning him
or her, pursuant to Art. 6 section 1 letter e (public interest or task) or f)
(legitimate interest of the administrator), including profiling based on these
provisions. In such a case, the controller may no longer process personal data,
unless he demonstrates compelling legitimate grounds for processing that
override the interests, rights and freedoms of the data subject, or grounds for
establishing, pursuing or defending claims.
6.5. The right to object to
direct marketing - if personal data are processed for the purposes of direct
marketing, the data subject has the right to object at any time to the
processing of his or her personal data for the purposes of such marketing,
including profiling, for which the processing is related to direct marketing.
6.6. In order to exercise the
rights specified in this point of the privacy policy, you can contact the
Administrator by sending an appropriate message in writing or by e-mail to the
Administrator's address indicated at the beginning of the privacy policy, or
using the contact form available on the online store website.
7. COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND
ANALYTICS
7.1. Cookies are small text
information in the form of text files, sent by the server and stored on the
side of the person visiting the online store website (e.g. on the hard drive of
a computer, laptop or smartphone) card - depending on the device used by the
person visiting our online store). Detailed information about cookies, as well
as the history of their creation, can be found here:http://pl.wikipedia.org/wiki/Ciasteczko.
7.2. The administrator may
process data contained in cookies when visitors use the online store website
for the following purposes:
7.2.1. identify Customers as
logged in to the Online Store and show that they are logged in;
7.2.2. remembering goods added
to the cart in order to place an Order;
7.2.3. remembering data from
completed Order Forms, surveys or data for entering the online store;
7.2.4. adapting the content of
the online store website to the individual preferences of the Service User
(e.g. regarding colors, font size, page layout) and optimizing the use of the
online store pages;
7.2.5. keeping anonymous
statistics showing how the online store website is used;
7.2.6. remarketing, i.e.
research on the behavior of people visiting the online store through anonymous
analysis of their activity (e.g. repeated visits to specific websites,
keywords, etc.) in order to create their profile and provide them with
advertisements taking into account their expected interests, as well as when
visiting other websites advertising network of Google Inc. and Facebook Ireland
LLC;
7.3. By default, most web
browsers available on the market accept cookies. Everyone can define the
conditions for the use of cookies using the settings of their own web browser.
This means that you can, for example, partially limit (e.g. temporarily) or
completely disable the ability to save cookies - in the latter case, however,
it may affect some functionalities of the online store (e.g. it may not be
possible to follow the order path via the Order form from due to the fact that
the Products are not saved in the basket during subsequent steps of placing the
Order).
7.4. Web browser settings
regarding cookies are important from the point of view of consent to the use of
cookies by our online store - in accordance with the regulations, such consent
may also be expressed through web browser settings. In the absence of such
consent, please change the settings of your web browser regarding cookies.
7.5. Detailed information on
changing cookie settings and deleting them yourself in the most popular web
browsers is available in the web browser's help section and on the following
websites (just click on the link):
7.6. The administrator may use
Google Analytics and Universal Analytics services provided by Google Inc. in
online shop. (1600 Amphitheater Parkway, Mountain View, CALIFORNIA 94043, USA.
These services help the Administrator analyze traffic in the online store. The
collected data is processed anonymously as part of the above services (these
are so-called operational data that prevent personal identification) in order to
create useful statistics in the administration of the online store These data
are of aggregate and anonymous nature, i.e. they do not contain functions
identifying (personal data) persons visiting the online store website, the
administrator, using the above services in the online store, collects data such
as sources and methods of obtaining persons visiting the online store and their
behavior on the online store's website, information about the devices and
browsers from which they visit the website, IP and domain, geographical data
and demographic data (age, gender) and interests.
7.7. This person can easily
block the exchange of information about Google Analytics on the online store's
website - for this purpose, you can install a browser application provided by
Google Inc. ("Google"). available here:https://tools.google.com/dlpage/gaoptout?hl=pl.
7.8. The administrator may use
the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal
Square, Grand Canal Harbor, Dublin 2, Ireland) in the online store. This
service helps the Administrator measure the effectiveness of advertisements and
find out what actions are taken by people visiting the online store, as well as
display personalized advertising to them. Detailed information on how the
Facebook Pixel works can be found at the following website address:https://www.facebook.com/business/help/742478679120153?helpref=page_content.
7.9. Facebook Pixel can be
managed through the ad settings in your Facebook.com account:https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
8. FINAL PROVISIONS
8.1. The online store may contain links to other websites. The administrator encourages you to read the privacy policy contained therein after navigating to other websites. This privacy policy applies only to the Administrator's online store.