# 1: Who is the administrator of your personal data?
The administrator of your personal data is Kamila Dudojć running a business under the name “Ilantris Kamila Dudojć” with a permanent place of business at ul. Kwiatowa 3A, 64-920 Piła, NIP: 7642616373, REGON: 367435050.
# 2: Who can you contact regarding the processing of your personal data?
As part of the implementation of personal data protection in our organization, we decided not to appoint a personal data protection officer due to the fact that in our situation it is not mandatory. In matters related to the protection of personal data and broadly understood privacy, you can contact us at the e-mail address firstname.lastname@example.org.
# 3: What information do we have about you?
Depending on the purpose, we may process the following information about you:
first name and last name,
data contained in correspondence addressed to us,
details of orders placed,
Bank account number,
image (profile photo),
activity in relation to sent newsletters.
We have described the scope of the processed data precisely in relation to each processing purpose. Information in this regard can be found in the further part of this policy.
§ 4: Where do we get your personal data from?
In most cases, you pass them on to us yourself. This happens when:
you register a user account,
you place an order,
you submit a complaint or withdraw from the contract,
you subscribe to the newsletter,
you add a comment or opinion about the product,
you contact us.
In addition, some information about you may be automatically collected by the tools we use:
the website and newsletter system mechanisms collect your IP address,
the mechanism of the newsletter system collects information about your activity in relation to the content sent to you as part of the newsletter, such as opening messages, clicking on links, etc.
# 5: Is your data safe?
We care about the security of your personal data. We have analyzed the risks associated with individual data processing processes, and then implemented appropriate security and personal data protection measures. We monitor the condition of our technical infrastructure on an ongoing basis, train our staff, observe the procedures applied, and introduce necessary improvements. If you have any questions regarding your personal data, we are at your disposal at email@example.com.
# 6: For what purposes do we process your personal data?
There are more than one of these goals. Below is a list of them, followed by a more detailed discussion. We have also assigned the appropriate legal bases for processing to the individual purposes.
user account registration and maintenance – art. 6 sec. 1 lit. b GDPR,
order handling – art. 6 sec. 1 lit. b GDPR,
handling complaints or withdrawing from the contract – art. 6 sec. 1 lit. f GDPR,
sending the newsletter – art. 6 sec. 1 lit. a GDPR,
handling comments or opinions about a product – art. 6 sec. 1 lit. a GDPR,
correspondence handling – art. 6 sec. 1 lit. f GDPR,
fulfillment of tax and accounting obligations – art. 6 sec. 1 lit. c GDPR,
creating an archive for the possible need to defend, establish or pursue claims, as well as to identify a returning customer – art. 6 sec. 1 lit. f GDPR,
own marketing – art. 6 sec. 1 lit. f GDPR.
User account – details
When creating a user account, you must provide the data necessary to set up an account: e-mail address and password. Providing data is voluntary, but necessary to create an account.
As part of editing your account data, you can provide your further data, in particular data that may be used when placing orders, such as name and surname, address of residence or place of business, tax identification number, telephone number. As part of editing your account details, you can also set your avatar, e.g. a profile picture that includes your image.
In addition, our system used to handle user accounts saves your IP number that you used when registering your user account.
The data provided by you in connection with the creation of an account are processed in order to provide you with an electronic service consisting in providing
You the possibility of using your user account. This service is provided on the basis of a contract concluded on the terms described in the regulations, which means that in this respect the legal basis for the processing of your personal data is art. 6 sec. 1 lit. b GDPR.
The data will be stored for the duration of the user’s account. You can decide to delete your account at any time, but it will not delete information about your orders placed using the account from our database. Data about orders are stored in our archive until the expiry of the limitation period for claims under the contract / for the entire period of operation of the website due to the possibility of identifying the returning customer, recreating his purchase history, granted discounts, etc., which is our legitimate interest referred to in art. 6 sec. 1 lit. f GDPR.
Orders – details
When placing an order, you must provide the data necessary to complete the order. Depending on the order details, the data catalog may be different. For example, if you order physical products, we need to know the address to which to deliver the order to you. If you are requesting a VAT invoice for a company, we need to know the tax identification number and the business address. Providing data is voluntary, but necessary to place an order.
In addition, our system used to handle the ordering process saves your IP number that you used when placing the order.
Each order is saved in our database, which means that your personal data assigned to the order is also accompanied by information about the order, such as ordered products, selected payment method, selected delivery method, payment date.
The data collected in connection with the order are processed in order to perform the contract concluded by placing an order (Article 6 (1) (b) of the GDPR), issuing an invoice (Article 6 (1) (c) of the GDPR in connection with the provisions regulating the issues issuing invoices), taking into account the invoice in the accounting documentation and fulfilling other tax and accounting obligations (Article 6 (1) (c) of the GDPR in connection with the provisions regulating tax and accounting obligations) and for archival purposes for the purposes of the possible need to defend, establish or pursuing claims, as well as identifying a returning customer, which is our legitimate interest (Article 6 (1) (f) of the GDPR).
Data about orders will be processed for the time necessary to perform the order, and then until the expiry of the limitation period for claims under the contract. In addition, after this deadline, the data may still be processed by us for archival purposes for the possible need to defend, establish or pursue claims, as well as identify the returning customer. Remember also that we are obliged to keep accounting records, which may contain your personal data, for the period required by law.
Complaints and withdrawal from the contract – details
If you submit a complaint or withdraw from the contract, you provide the personal data contained in the complaint or the declaration of withdrawal from the contract, which includes your name and surname, address, telephone number, e-mail address, bank account number. Providing data is voluntary, but necessary to submit a complaint or withdraw from the contract.
The data provided to us in connection with the submission of a complaint or withdrawal from the contract are used to implement the complaint procedure or the procedure for withdrawal from the contract, and then for archival purposes, which is our legitimate interest (Article 6 (1) (f) of the GDPR).
The data will be processed for the time necessary to implement the complaint procedure or the withdrawal procedure. Complaint documents will be kept until the expiry of the warranty rights. The statements of withdrawal from the contract will be kept together with the accounting documentation for the period required by law.
Newsletter – details
By subscribing to the newsletter, you provide us with your name and e-mail address. Providing data is voluntary, but necessary to subscribe to the newsletter.
In addition, our system used to handle the newsletter, saves your IP number that you used when subscribing to the newsletter, determines your approximate location, the e-mail client you use to handle e-mail and tracks your actions taken in connection with sent to You with the news. Therefore, we also know which messages you have opened, in which messages you clicked on links, etc.
The data provided to us in connection with the subscription to the newsletter is used to send you the newsletter, and the legal basis for their processing is your consent (Article 6 (1) (a) of the GDPR) expressed when subscribing to the newsletter. Regarding the processing of information that does not come from you but was collected automatically by
our mailing system, we rely in this respect on our legitimate interest (Article 6 (1) (f) of the GDPR) consisting in analyzing the behavior of newsletter subscribers in order to optimize mailing activities.
You can unsubscribe from the newsletter at any time by clicking on the dedicated link in each message sent as part of the newsletter or by simply contacting us. Despite unsubscribing from the newsletter, your data will still be stored in our database in order to identify the returning subscriber and possibly defend claims related to sending you the newsletter, in particular to demonstrate the fact that you consent to receiving the newsletter and the moment of its withdrawal, which is our legal legitimate interest referred to in art. 6 sec. 1 lit. f GDPR.
You can modify your data provided for the purposes of receiving the newsletter at any time by clicking on the appropriate link visible in each message sent as part of the newsletter or by simply contacting us.
Comments and opinions about products – details
When adding a comment or opinion about a product, you must provide at least a username that will be assigned to the comment or opinion (the name may contain personal data, such as your first or last name) and an e-mail address. Providing this data is voluntary, but necessary to add a comment or opinion. You can also add your avatar (it may contain your image, e.g. a photo) and provide the address of your website, but it is not obligatory.
The data provided in connection with adding a comment or opinion will be processed in order to publish a comment or opinion on the website. The basis for processing is your consent (Article 6 (1) (a) resulting from sending the form for publishing a comment or opinion. You can withdraw your consent at any time by requesting the removal of your comment or opinion.
Your comment or opinion will be publicly available on the website as long as it is available on the Internet, unless you request removal of the comment or opinion in advance. You can also modify the content of the comment at any time, as well as modify the data assigned to it as the person who added the comment or opinion.
Correspondence handling – details
By contacting us, you naturally provide us with your personal data contained in the correspondence, in particular your e-mail address and name and surname. Providing data is voluntary, but necessary to make contact.
In this case, your data is processed in order to contact you, and the basis for processing is art. 6 sec. 1 lit. f GDPR, i.e. our legitimate interest. The legal basis for processing after the end of contact is also our legitimate purpose in the form of archiving correspondence for the purpose of ensuring the possibility of proving certain facts in the future (Article 6 (1) (f) of the GDPR).
The content of the correspondence may be archived and we are not able to clearly determine when it will be deleted. You have the right to request a history of correspondence with us (if it was subject to archiving), as well as request its removal, unless its archiving is justified due to our overriding interests, e.g. defense against potential claims on your part.
Tax and accounting obligations – details
If we issue an invoice for you, it is part of the accounting documentation, which will be kept for the period of time required by law. In such a situation, your personal data is processed in order to fulfill our tax and accounting obligations (Article 6 (1) (c) of the GDPR in connection with the provisions governing tax and accounting obligations).
Archive – details
As part of the description of the individual purposes of personal data processing, which are above, we have indicated the time limits for the storage of personal data. These terms are often related to the archiving of certain data by us for the purposes of ensuring the possibility of proving certain facts in the future, reconstructing the course of cooperation with the client, exchanged correspondence, defense, establishing or pursuing claims. In this regard, we rely on our legitimate interest, referred to in art. 6 sec. 1 lit. f GDPR.
Own marketing – details
As part of our website, we use a mechanism for recovering abandoned carts. In a situation where you start the ordering process but do not complete it, our system will note this fact in order to take action to persuade you to finalize the order. These activities may include, in particular, sending you an e-mail with an incentive to complete your order or the display of a targeted advertisement while browsing the Internet.
We carry out the activities described above based on our legitimate interest, referred to in art. 6 sec. 1 lit. f GDPR consisting in the marketing of own products. You can object to actions conducted in this way at any time.
# 7: How long will we keep your personal data?
The data storage periods have been indicated separately for each processing purpose. You will find this information under the details for each separate processing purpose.
We draw your attention to the fact that we have adopted a model for storing your order data for the entire life of our website. We assume that it works for your benefit, because you can recreate the history of your purchases at any time, and additionally take advantage of discounts, if we provide such discounts for our regular customers. However, if you do not want your order data to be stored for so long, you can object to its storage for the described purpose at any time. However, we inform you that we see our overriding interest in storing data about the order until the expiry of the limitation period for claims under the sales contract concluded with us.
# 8: Who are the recipients of your personal data?
We risk saying that modern business is not able to do without services provided by third parties. We also use such services. Some of these services are related to the processing of your personal data. External service providers who are involved in the processing of your personal data are:
the hosting provider that stores the data on the server,
cloud computing service provider in which backups that may contain your personal data are stored,
provider of the mailing system in which your data is stored, if you are a newsletter subscriber,
CRM system provider in which we store your data in order to improve the customer service process and for archival purposes,
supplier of the invoicing system in which your data is stored for the purpose of issuing an invoice,
an accounting office that processes your data visible on invoices,
an entity providing maintenance services that gains access to data, if the technical works carried out relate to areas in which personal data are located,
other subcontractors who gain access to data, if the scope of their activities requires such access.
All entities listed above process your data on the basis of contracts for entrusting the processing of personal data concluded with us and guarantee an adequate level of personal data protection.
Your data is made available to courier companies to the extent necessary to deliver the order. These companies become independent administrators of your personal data.
If necessary, your data may be made available to a legal advisor or attorney bound by professional secrecy. The need may arise from the need to use legal assistance that requires access to your personal data.
Your personal data may also be transferred to tax offices to the extent necessary to fulfill tax, accounting and accounting obligations. It concerns in particular all declarations, reports, statements and other accounting documents in which your personal data is located.
In addition, if necessary, your personal data may be made available to entities, bodies or institutions authorized to obtain access to data on the basis of legal provisions, such as the police, security services, courts, prosecutor’s offices.
What’s more, we use tools that collect a lot of information about you related to the use of our website. It concerns, in particular, the following information:
- information about the operating system and web browser you use,
- bystanders viewed,
- time spent on the site,
- transitions between individual subpages,
- clicks on individual links,
- the source from which you go to our site,
- the age range you are in,
- Your gender
- Your approximate location limited to the town.
- Your interests based on your online activity.
# 9: Do we transfer your data to third countries or international organizations?
Yes, part of the processing of your personal data may involve their transfer to third countries.
We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The suppliers of these tools guarantee an adequate level of personal data protection through appropriate compliance mechanisms provided for by the GDPR, in particular by joining the Privacy Shield program or using standard contractual clauses.
Personal data is stored on servers located in third countries using the following tools:
MailChimp mailing system, the provider of which is Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA – in terms of your name, e-mail address, IP address and statistical information related to your reactions to by us news,
Google services as part of the G-Suite package, the provider of which is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – in the scope of all data processed as part of Google services, including data contained in files synchronized with Google Drive.
Both Rocket Science Group LLC and Google Ireland Limited ensure an adequate level of protection of personal data through the use of compliance mechanisms provided for by the GDPR, in particular through the use of standard contractual clauses.
# 10: Do we use profiling? Do we make automated decisions based on your personal data?
We do not make decisions for you based solely on automated processing, including profiling, which would have legal effects on you or similarly significantly affect you.
By using certain tools, we can, for example, direct personalized advertisements to you based on your previous actions taken on our website or suggest products that may be of interest to you. I am talking about the so-called behavioral advertising.
# 11: What rights do you have in relation to the processing of your personal data?
The GDPR grants you the following potential rights related to the processing of your personal data:
the right to access your data and receive a copy thereof,
the right to rectify (correct) your data,
the right to delete data (if in your opinion there are no grounds for us to process your data, you can request that we delete it),
the right to limit data processing (you can request that we limit the processing of data only to their storage or performance of activities agreed with you, if, in your opinion, we have incorrect data or we process it unjustifiably),
the right to object to the processing of data (you have the right to object to the processing of data on the basis of a legitimate interest; you should indicate a specific situation that, in your opinion, justifies the termination of the processing covered by the objection; we will stop processing your data for these purposes, unless we prove that the grounds for data processing by us override your rights or that your data is necessary for us to establish, assert or defend claims),
the right to transfer data (you have the right to receive from us, in a structured, commonly used, machine-readable format, personal data that you provided to us on the basis of a contract or your consent; you can commission us to send this data directly to another entity),
the right to withdraw consent to the processing of personal data, if you have previously given such consent,
the right to lodge a complaint with the supervisory body (if you find that we are processing data unlawfully, you can file a complaint with the President of the Personal Data Protection Office or another competent supervisory authority).
The rules related to the implementation of the above-mentioned rights are described in detail in Art. 16 – 21 GDPR.
You can always ask us to provide you with information about what data we have about you and for what purposes we process it. All you need to do is send a message to firstname.lastname@example.org.
Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by our ICT system (own cookies) or ICT systems of third parties (third party cookies). In cookies, specific information can be saved and stored, to which ICT systems can then access for specific purposes.
Some of the cookies we use are deleted after the end of the web browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow us to recognize your browser the next time you visit the website (persistent cookies).
# 14: Can you disable cookies?
Yes, you can manage cookie settings within your web browser. You can block all or selected cookies. You can also block cookies from specific websites. You can also delete previously saved cookies and other website and plug-in data at any time.
# 15: For what purposes do we use our own cookies?
Own cookies are used to ensure the proper functioning of individual website mechanisms, such as maintaining a session after logging in to the account, remembering recently viewed products and products added to the basket, to support the mechanism of recovering abandoned baskets.
Own cookies also store information about the cookie settings defined by you, made from the level of the cookie management mechanism.
# 16: What third party cookies are used?
As part of our website, the following third-party cookies are used: Google Analytics, Facebook, and a social networking tool.
Google Analytics – details
We use the Google Analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We carry out activities in this area based on our legitimate interest, consisting in the creation of statistics and their analysis in order to optimize our websites.
The information we have access to as part of Google Analytics is, in particular:
information about the operating system and web browser you use,
subpages you are browsing,
time spent on the website and individual subpages,
transitions between individual subpages,
the source from which you go to our site.
Facebook – details
As part of the Facebook Ads advertising system provided by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA, we use available functions to target targeted advertising messages to specific groups of users. We carry out activities in this area based on our legitimate interest, consisting in the marketing of our own products or services.
The information collected as part of Facebook is anonymous, i.e. it does not allow us to identify you. Depending on your activity on our websites, you may reach a specific group of recipients, but we do not identify individual people belonging to these groups in any way.
Social tools – details
Our website uses plugins, buttons and other social tools, hereinafter collectively referred to as “plugins”, provided by social networking sites such as Facebook, Instagram.
The plugins collect certain information about you, such as user ID, website visited, date and time, and other information about the web browser. Social network administrators use some of this information to personalize the viewing conditions of our website
The information collected by plugins may also be used by administrators of social networking sites for their own purposes, such as e.g. improving their own products. You can look for details in this regard in the regulations and privacy policies of individual social networking sites.
# 17: Do we target targeted advertising at you?
Yes, we use Facebook Ads and Google Ads, in which we can target specific target groups defined on the basis of various criteria such as age, gender, interests, profession, job, activities previously undertaken on our website. These tools are described in detail in the third party cookie question, so we will not repeat this information here as well.
# 18: What are server logs?
Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs. Logs include Your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server. The data stored in the server logs are not associated with specific people using the website and are not used by us to identify you. The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.
# 19: How does product availability notification work?
At your request, we will send you information electronically about the availability of the products you indicate. The condition for us to send such information is consent to receive commercial information about the products of the online store and the processing of personal data to the e-mail address provided. Providing data is voluntary, however, the lack of consent to the processing of personal data makes it impossible to send information about the availability of the product.