Privacy Policy

§ 1

General Provisions

1. This Privacy Policy sets out the principles governing the processing of personal data collected through the website www.idecha.pl (hereinafter: the “Website”).
2. The data administrator is ŁUKASZ JASZYNA who operates a sole proprietorship under the name IDECHA COMPANY ŁUKASZ JASZYNA, registered in the Central Register and Information on Business Activity (CEIDG) of the competent Minister of Economy, NIP: 8621646174, REGON: 383161195.
3. Personal data collected by ŁUKASZ JASZYNA, who runs a sole proprietorship under the name IDECHA COMPANY ŁUKASZ JASZYNA, through the IDECHA Online Shop, hereinafter referred to as the Administrator, are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation), also referred to as the GDPR.
4. The administrator pays special attention to respecting the privacy of users who visit the website.

§ 2

Nature and purpose of the processing of data

1. The Administrator collects information about natural persons who carry out commercial or professional activities in their own name, as well as natural persons who represent legal entities or organizational units that are not legal entities and to which the law grants legal capacity, hereinafter collectively referred to as Users.
2. Personal data of the users are collected when:
a) registering an account on the website, to create and manage an individual account. Legal basis: necessary for the performance of the contract to provide the account service,
b) placing an order on the website to fulfill the contract. Legal basis: necessary for the performance of the contract, the subject of which is the provision of the service. 
3. When registering an account on the Website, the User shall provide:
a) e-mail address,
b) address data,
c) first and last name,
d) telephone number.
4. In the case of entrepreneurs, the above data shall be additionally extended by the company name and tax identification number of the entrepreneur.
5. When registering his/her account on the Website, the User shall set an individual password for access to his/her account. The User may change the password at a later stage. 
6. When placing an order on the Website, the User provides the following data:
a) e-mail address
b) address
c) first and last names
d) telephone number.
7. In the case of entrepreneurs the above-mentioned data are extended by the company name and the tax identification number of the entrepreneur.
8. The provision of personal data to the store is voluntary in connection with the conclusion of purchase contracts, but with the proviso that failure to provide the User’s data specified in the forms will result in the User’s order not being placed and executed.

§ 3

Selected data protection methods used by the administrator

1. The login and personal data input areas are protected in the transmission layer (SSL certificate). This ensures that the personal data and login data entered on the website are encrypted on the user’s computer and can only be read on the destination server.
2. Personal data stored in the database is encrypted in such a way that only those who have the data key can read it. In this way, the data is protected in case the database is stolen from the server.
3. User passwords are stored in hashed form. The hash function is one-way, meaning it cannot be reversed, which is the current standard for storing user passwords.
4. The operator changes his administrative passwords at regular intervals.
5. The operator regularly makes backup copies to protect the data.
6. An important element of data protection is regular updating of all software used by the operator to process personal data, i.e. in particular regular updating of software components.

§ 4

Data sharing or delegation

1. The personal data of the user are transferred to the service providers used by the manager for the operation of the website. Depending on the contractual agreements and circumstances, the service providers to whom personal data are transferred are either subject to the instructions of the Administrator regarding the purposes and means of the processing of such data (processors) or determine the purposes and means of the processing themselves (administrators).
a) The Processor. The Administrator uses Suppliers that process Personal Data solely on the instructions of the Administrator. This includes, but is not limited to, suppliers that provide hosting and accounting services, suppliers that provide marketing systems, website traffic analysis systems, and marketing campaign effectiveness analysis systems.
b) The Administrator. The Administrator uses Suppliers who do not act solely on instructions and who decide themselves on the purpose and use of Users’ data. They provide electronic payment services and banking services. 
2. The user’s data are stored:
a) If the basis for the processing of personal data is consent, the users’ data are processed by the Administrator as long as the consent is not revoked and, after the consent is revoked, for a period corresponding to the limitation period of claims that the Administrator may assert and that may be asserted against the Administrator. The limitation period shall be six years, unless a special provision provides otherwise, and for claims for regular services and claims related to the performance of business activities – three years.
b) If the basis for data processing is the performance of a contract, the personal data of the User shall be processed by the Administrator for as long as it is necessary for the performance of the contract and thereafter for a period corresponding to the limitation period for claims. In the absence of a specific provision, the limitation period shall be six years, and three years for claims for recurring services and claims related to the performance of business activities.
3. Upon request, the Administrator shall provide personal data to the authorized state authorities, in particular to the organizational units of the Public Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office for Electronic Communications.

§ 5

Rights of the data subjects

1. Right to revoke consent:
a) The User has the right to revoke any consent given to the Administrator.
b) The revocation of consent is effective from the moment of revocation.
c) The withdrawal of consent shall not affect the processing carried out by the Administrator in accordance with the law before the withdrawal.
d) The withdrawal of consent shall not have any negative consequences for the User but may prevent the further use of services or functions that the Administrator can lawfully provide only with consent.
2. Right to object to the processing of data:
a) The User has the right to object at any time, on grounds relating to his/her particular situation, to the processing of his/her data, including profiling, where the Administrator processes his/her data based on legitimate interest, to keep statistics on the use of certain functions of the Website and to facilitate the use of the Website, as well as for satisfaction surveys.
b) Opting out in the form of an email from receiving marketing communications about products or services means that the user objects to the processing of their data, including profiling for these purposes.
c) If the User’s objection proves to be justified and the Administrator has no other legal basis for processing his/her data, the User’s data to the processing of which the User has objected shall be deleted.
3. Right to deletion:
a) The User has the right to request the deletion of all or part of the personal data. 
b) The User has the right to request the deletion of the personal data if:
– the personal data are no longer necessary for the purposes for which they were collected or processed,
– he/she has withdrawn his/her explicit consent, insofar as the personal data were processed based on his/her consent,
– he/she has objected to the use of his/her data for marketing purposes,
– the personal data are processed unlawfully,
– the personal data must be erased to comply with a legal obligation under Union law or the law of a Member State.
c) Despite a request for the deletion of personal data in the context of an objection or withdrawal of consent, the administrator may retain certain personal data insofar as the processing is necessary for the establishment, exercise, or defense of claims and for compliance with a legal obligation which requires the processing under Union or Member State law. This applies in particular to personal data such as your first and last name, and your e-mail address, which are stored for processing complaints and claims in connection with the use of the services of the website, or in addition to your address/correspondence address, your order number, which is stored to process complaints and claims in connection with concluded sales contracts or the provision of services.
4. Right to restriction of data processing:
a) The user has the right to request the restriction of the processing of his/her data. The submission of a request shall prevent the use of certain functions or services, the use of which involves the processing of the data concerned by the request until it is examined. The Administrator will also not send communications, including marketing communications.
b) The User has the right to request the restriction of the use of his data in the following cases:
– if he/she questions the accuracy of his/her data, in which case the Administrator shall restrict the use of the data for the period necessary to verify the accuracy of the data, but not longer than seven days;
– if the processing of the data is unlawful and the User requests the restriction of its use instead of the deletion of the data;
– if the personal data are no longer necessary for the purposes for which they were collected or used,
– if the user has objected to the use of his/her data; in this case, the restriction shall apply for the period necessary to verify whether, due to the specific situation, the protection of the User’s interests, rights, and freedoms outweigh the interests pursued by the Administrator in the processing of the User’s data.
5. Right of access:
a) The User has the right to obtain confirmation from the Administrator as to whether it processes personal data and, if so, the User has the right to:
– gain access to his/her data,
– obtain information about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of such data, the intended period of storage of the User’s data, or the criteria for determining that period (when it is not possible to determine the intended period of processing), the User’s rights under the GDPR and the right to lodge a complaint with a supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union.
6. Right to rectification:
a) The user has the right to request the administrator to rectify without undue delay personal data concerning him that are inaccurate. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by providing an additional explanation by addressing the request to the e-mail address.
7. Right to data portability:
a) The user has the right to obtain his/her data provided to the administrator and to transfer them to another administrator of his/her choice. The User shall also have the right to request that the personal data be transferred by the Administrator directly to another administrator, to the extent technically feasible.
8. If the User exercises any of the foregoing rights, the Administrator shall either comply with the request or refuse to comply with the request without undue delay, but no later than one month after receipt thereof. However, if the Responsible Party is not able to comply with the request within one month, it shall comply with the request within the next two months by informing the User of the intended extension of the deadline and the reasons for it within one month of receipt of the request.
9. The User may submit complaints, inquiries, and requests to the Administrator regarding the processing of his/her data and the exercise of his/her rights.
10. The User has the right to request a copy of the standard contractual clauses from the Administrator by submitting a request.
11. The User has the right to submit a complaint to the President of the Personal Data Protection Office about the violation of his/her data protection rights or other rights granted under the GDPR.

§ 6
Additional information on the use of data

In certain situations, the Administrator has the right to transfer your data to other recipients if this is necessary for the performance of a contract concluded with you or for the fulfillment of the obligations incumbent on the Administrator. This applies to the following groups of recipients:
a) couriers
b) law firms and collection agencies
c) banks
d) authorized employees and partners who use the data for the operation of the website.

§ 7
Additional use of personal data

1. The website uses personal data additionally for the following purposes: 
a) Operating a comment system
b) Operating an online forum
c) Operating an online chat
d) Operating a classified ad system
e) Presenting a user’s profile to other users
f) Displaying users
g) Processing requests via a form
h) Preparing, packaging, and shipping goods
i) Fulfilling ordered services
j) Collecting debts
k) Presenting offers or information
l) Operating a newsletter
2. The Website performs the functions of collecting information about users and their behavior in the following ways:
• Through the voluntary information provided in the forms entered into the Operator’s systems.
• By storing cookie files (so-called “cookies”) on the terminal devices.

§ 8
Safety management

1. The responsible party provides the users with a secure and encrypted connection to transfer personal data and log in to the user account on the website.
2. The responsible party uses an SSL certificate issued by one of the world’s leading companies in the field of security and encryption of data transmitted over the Internet. 
3. In case a user with an account on the website www.idecha.pl has lost his/her access password in any way, the website enables the generation of a new password. The responsible person does not send a password reminder. The password is stored in encrypted form so that it cannot be read. To generate a new password, the email address must be provided in the form available under the “Forgot Password” link on the account registration form on the Website. The User will receive an e-mail message to the e-mail address provided during registration or saved during the last change of the account profile, which will contain a redirect to a special form on the Website where the User will have the opportunity to set a new password.
4. The responsible person may not send any correspondence, including electronic correspondence, requesting the login data and, in particular, the password to access the user’s account.

§ 9
Consent to the processing of personal data

The User consents to the processing of personal data by ŁUKASZ JASZYNA, who operates a sole proprietorship under the name IDECHA COMPANY ŁUKASZ JASZYNA, for direct marketing of its products and services. The processing of data for this purpose is based on Article 6 par. 1 point a of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).