1. GENERAL PROVISIONS
1.2. The administrator of personal data collected through the Online Store is the company ŚWISTOWSKI SPÓŁKA AKCYJNA with headquarters in Toruń (address: Rydygiera 41A, 87-100 Toruń and address for delivery: Stary Toruń 70, 87-134 Zławieś Wielka), Entered in the Register Entrepreneurs of the National Court Register under KRS number 0000031964; registry court, in which the company's documentation is stored: District Court in Toruń, VII Commercial Department of the National Court Register; NIP: 8792284393; REGON: 871556540; share capital in the amount of PLN 4,000,000.00 fully paid up; electronic mail address: firstname.lastname@example.org - hereinafter referred to as the "Administrator" and being at the same time the Online Store Service Provider and the Seller.
1.3. The personal data of the Service Recipient and Customer are processed in accordance with the Personal Data Protection Act of 29 August 1997 (Journal of Laws 1997 No. 133, item 883, as amended) (hereinafter: the Personal Data Protection Act), the Act on providing services by electronic means of July 18, 2002 (Journal of Laws 2002 No. 144, item 1204, as amended) and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC.
1.4. The Administrator takes special care to protect the interests of data subjects, and in particular, ensures that the data collected are processed in accordance with the law; collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; factually correct and adequate in relation to the purposes for which they are processed and stored in a form that enables identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing.
1.5. All words, phrases and acronyms appearing on this website and beginning with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Online Store Regulations available on the Online Store website.
2. PURPOSE AND SCOPE OF DATA COLLECTION AND RECIPIENTS OF DATA
2.1. Each time, the purpose, scope and recipients of data processed by the Administrator result from actions taken by the Service User or Customer in the Online Store. For example, if the Customer chooses personal collection instead of courier when placing the Order, then his personal data will be processed for the conclusion and implementation of the Sales Agreement, but will no longer be made available to the courier performing the shipment at the request of the Administrator.
2.2. Possible purposes of collecting personal data of Service Recipients or Customers by the Administrator:
2.2.1. Conclusion and implementation of the Sales Agreement or contract for the provision of Electronic Services (e.g. account).
2.2.2. Direct marketing of the Administrator's own products or services.
2.3. Possible recipients of personal data of Online Store Customers:
2.3.3. In the case of a Customer who uses the Online Store with the method of delivery by post or courier, the Administrator provides the Customer's collected personal data to the selected carrier or intermediary performing the shipment at the request of the Administrator.
2.3.4. In the case of a Customer who uses the Online Store with the method of electronic payments or a payment card, the Administrator provides the collected personal data of the Customer to the selected entity operating the above payments in the Online Store.
2.4. The Administrator may process the following personal data of Service Recipients or Customers using the Online Store: name and surname; e-mail address; contact telephone number; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / registered office (if different from the delivery address). In the case of Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service Recipient or Customer.
2.5. Providing personal data referred to in the point above may be necessary for the conclusion and implementation of the Sales Agreement or contract for the provision of Electronic Services in the Online Store. Each time, the scope of data required to conclude a contract is indicated previously on the Online Store website and in the Online Store Regulations.
3. COOKIES AND OPERATING DATA
3.1. Cookies is the term used for small text information in the form of text files, sent by the server and saved on the side of the person visiting the Online Store website (e.g. on the hard disk of a computer, laptop or on the smartphone's memory card - depending on which device is used while visiting our Online Store). Detailed information on Cookies, as well as the history of their creation can be found, among others here: http://pl.wikipedia.org/wiki/Ciasteczko.
3.2. The administrator may process the data contained in cookies when visitors use the Online Store website for the following purposes:
3.2.5. identification of Service Users as logged in to the Online Store and showing that they are logged in;
3.2.6. Remembering Products added to the basket to place an Order;
3.2.7. Remembering data from completed Order Forms, surveys or login data to the Online Store;
3.2.8. Adapting the content of the Online Store website to the individual preferences of the Service Recipient (e.g. regarding colors, font size, page layout) and optimizing the use of Online Store pages;
3.2.9. Keeping anonymous statistics showing how to use the Online Store website.
3.5. Detailed information on changing the settings for Cookies and their self-removal in the most popular web browsers are available in the help section of the web browser.
3.6. The administrator also processes anonymized operational data related to the use of the Online Store (IP address, domain) to generate statistics helpful in administering the Online Store. These data are aggregate and anonymous, i.e. they do not contain features that identify visitors to the Online Store. These data are not disclosed to third parties.
4. BASIS FOR DATA PROCESSING
4.1. Providing personal data by the Service Recipient or Customer is voluntary, however failure to provide the personal data indicated on the Online Store website and the Online Store Regulations, necessary for the conclusion and implementation of the Sales Agreement or contract for the provision of Electronic Services, results in the inability to conclude this contract.
4.2. The basis for processing personal data of the Service Recipient or Customer is the need to perform the contract to which they are a party or take action at their request before its conclusion. In the case of data processing for the purpose of direct marketing of the Administrator's own products or services, the basis for such processing is (1) the prior consent of the Service Recipient or Customer or (2) fulfillment of legally justified purposes pursued by the Administrator (pursuant to Article 23 (4) of the Personal Data Protection Act the legally justified purpose is in particular direct marketing of the Administrator's own products or services).
4.3. The administrator of personal data after completing the order and completing the contract and passing the time to terminate the contract by the Service Recipient or Customer is obliged to delete their data. This situation does not occur if the Service Recipient or Customer has consented to the processing of personal data
5. CONTROL LAW, ACCESS TO YOUR DATA AND IT’S CORRECTION
5.1. The Service Recipient or Customer has the right to access their personal data and correct it.
5.2. Each person has the right to control the processing of data concerning them and contained in the Administrator's data set, and in particular, the right to: request supplementing, updating, rectifying personal data, temporarily or permanently suspending their processing if they are incomplete, outdated, incorrect or have been collected in violation of the Act or are no longer needed to achieve the purpose, for which they were collected.
5.3. If the Customer gives consent to the processing of data for direct marketing of the Administrator's own products or services, the consent may be revoked at any time.
5.4. If the Administrator intends to process or processes the Service Recipient's or Customer's data for direct marketing of the Administrator's own products or services, the person whose data relates to, is also entitled to (1) submit a written, reasoned request to cease processing of their data due to their special situation or to (2) object to the processing of the data.
5.5. The customer has the right at any time to request the deletion of his data, in particular if: personal data are not necessary for the purposes for which they were collected or the person withdrew their consent to their processing.
6. FINAL PROVISIONS
6.2. The administrator uses technical and organizational measures to ensure the protection of processed personal data are appropriate to the threats and categories of data protected, and in particular protects the data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable laws and their changes, loss, damage or destruction.
6.3. The administrator provides the following technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorized persons:
6.3.10. Securing the data set against unauthorized access.
6.3.11. Access to the Account only after providing the individual login and password.