1. For the Owner of this website, the protection of Users’ personal information is of utmost importance. He makes great efforts to ensure that Users feel secure in entrusting their personal information when using the website.
2. A User is an individual, a legal entity or an organizational unit without legal personality, which is granted legal capacity by law, using the electronic services available on the website.
4. The Administrator uses the most modern technical measures and organizational solutions to ensure a high level of protection of the processed personal data and security against unauthorized access.
I. PERSONAL DATA CONTROLLER
The administrator of the personal data is the Entrepreneur Mr. Marcin Podskarbi, doing business under the name: Totu Legal Marcin Podskarbi, with registered office at: Nowy Świat 33/13, 00-029 Warsaw, Tax Identification Number (NIP): 499-04-30-255, registered in the Central Register and Information on Business Activity of the Republic of Poland, maintained by the Minister responsible for economy.
(hereinafter referred to as the “Owner“).
The person whose data is processed may submit requests from the field of data information, or data processing by e-mail.
The email address for contacting the data controller is: firstname.lastname@example.org
II. PURPOSE OF PERSONAL DATA PROCESSING
1. The Administrator processes the User’s personal data in order to:
The Administrator, through the Website and other forms of communication, collects and processes the following specified personal data of Users provided during the processes of registration on the Website: name and surname, address of residence, e-mail address, telephone number for the purpose of payment through the store website.
2. This means that this data is needed in particular to
a. registering on the website;
b. to conclude a contract;
c. make settlements;
d. delivery of goods ordered by the User or performance of services;
e. the User’s exercise of any consumer rights (e.g. withdrawal from the contract, warranty).
3. The User may also agree to receive information on news and promotions, which will also cause the administrator to process personal data, in order to send the User commercial information regarding, among other things, new products or services, promotions or sales.
4. Personal data shall also be processed in fulfillment of legal obligations incumbent on the data controller and the performance of tasks in the public interest, including, among others, to perform tasks related to security and defense or storage of tax records.
5. Personal data may also be processed for the purposes of direct marketing of products, securing and asserting claims or protecting against claims by the User or a third party, as well as marketing of services and products of third parties or marketing of our own, which is not direct marketing.
Accepted payment methods
The Customer may choose the following forms of payment for the ordered Goods: payment card, electronic transfer through a third-party payment system operated by Stripe.
Information about the cost of services
The cost of services ranges from 400 PLN to 50,000 PLN and depends on the type of service.
III. DATA TYPE
1. The administrator shall process the following personal data, the provision of which is necessary for:
a. registration on the website:
– first and last name;
– e-mail address;
b. to make purchases through the website:
– first and last name;
– delivery address;
– telephone number;
– e-mail address;
c. Optional data provided by the User:
– date of birth;
– PESEL number (in case of an invoice request);
– NIP number (in case of requesting an invoice for an entrepreneur).
2. In the case of withdrawal from the contract or acknowledgment of a complaint, when the refund is made directly to the User’s bank account, we also process information, concerning the bank account number, in order to make the refund.
IV. LEGAL BASIS FOR PROCESSING PERSONAL DATA
1. Personal data shall be processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88, hereinafter referred to as the “RODO Regulation“.
2. The Administrator shall process personal data only upon prior consent of the User, given at the time of registration on the website or at the time of confirmation of a transaction made on the website.
3. The granting of consent for the processing of personal data is completely voluntary, however, the lack of consent prevents registration on the website and making purchases, through the website.
V. YOUR RIGHTS
1. The user may at any time request information from the administrator about the scope of processing of personal data.
2. The user may at any time request the correction or rectification of his personal data. The user can also do this on his/her own, after logging into his/her account.
3. The user may withdraw his consent to the processing of his personal data at any time, without giving any reason. The request not to process the data may concern a specific purpose of processing indicated by the User, e.g. withdrawal of consent to receive commercial information, or concern all purposes of data processing. Withdrawal of consent as to all processing purposes will result in the User’s account being deleted from the website, along with all the User’s personal data previously processed by the administrator. The withdrawal of consent will not affect the activities already performed.
4. The user may request at any time, without stating a reason, that the administrator delete his/her data. The request to delete the data will not affect the activities already performed. Deletion of data means simultaneous deletion of the User’s account, together with all personal data stored and processed by the administrator to date.
5. The User may at any time object to the processing of personal data, both with regard to all personal data of the User processed by the administrator, as well as only in a limited scope, e.g. as to the processing of data for a specifically indicated purpose. The objection will not affect the activities performed so far. Raising an objection will result in the deletion of the User’s account, together with all personal data stored and processed to date, by the administrator.
6. The User may request the restriction of the processing of personal data, whether for a certain period of time or without a time limitation, but within a certain scope, which the administrator will be obliged to fulfill. This request will not affect the activities performed so far.
7. The user may request that the controller transfer to another entity, the processed personal data of the user. For this purpose, he should write a request to the administrator, indicating to which entity (name, address) the User’s personal data should be transferred and what specific data the User wishes the administrator to transfer. After the User confirms his request, the administrator will transfer, in electronic form, to the indicated entity, the User’s personal data. Confirmation of the request by the User is necessary for the security of the User’s personal data and to be sure that the request comes from an authorized person.
8. The Administrator shall inform the User of the action taken, before the expiration of one month from the receipt of one of the requests listed in the preceding paragraphs.
9. The User has the right to file a complaint related to the processing of personal data to the supervisory authority i.e. the President of the Office for Personal Data Protection.
VI. RETENTION PERIOD OF PERSONAL DATA
1. As a general rule, personal data shall be retained only as long as necessary to fulfill the contractual or statutory obligations for which it was collected. The data will be deleted immediately when storage is no longer necessary, for evidentiary purposes, in accordance with civil law or in connection with a statutory obligation to retain data.
2. Information, related to the contract, shall be stored for evidentiary purposes, for a period of three years, starting from the end of the year in which the business relationship with the User was terminated. Deletion of data will take place after the expiration of the statutory limitation period for the assertion of contractual claims.
3. In addition, the administrator may retain archival information relating to concluded transactions, as their storage is related to the User’s claims, such as warranty.
4. If no contract has been concluded, between the User and the Owner, the User’s personal information is stored until the User’s account on the website is deleted. Deletion of the account may occur as a result of a request by the User, withdrawal of consent to the processing of personal data, or objection to the processing of such data.
VII. ENTRUSTING DATA PROCESSING TO OTHER ENTITIES
1. The Administrator may entrust the processing of personal data to entities cooperating with the Administrator to the extent necessary for the execution of the transaction, e.g. for the preparation of the ordered goods and delivery of shipments or transmission of commercial information, originating from the Administrator (the latter applies to Users who have agreed to receive commercial information).
3. Personal data of Website Users shall not be transferred outside the European Union.
VIII. COOKIES FILES
2. Cookies are fragments of information that contain a unique reference code, which the website sends to the User’s device, in order to store, and sometimes track information, regarding the device used. They usually do not allow to identify the User’s person. Their main purpose is to better tailor the website to the User.
3. Some of the cookies present on the website are only available for the duration of a given web session and expire when the browser is closed. Other cookies are used to remember the User when he or she returns to the website. They are then retained for a longer period of time.
4. cookies used on this website are:
1 month: cck3 deleted after one month after closing the browser.
5. All cookies, occurring on the website, are set by the administrator.
6. All cookies, used by this website, comply with the applicable laws of the European Union.
7. Most Users and some mobile browsers automatically accept cookies. If the User does not change the settings, cookies will be stored in the memory of the device.
8. The User may change his/her preferences, regarding the acceptance of cookies, or change the browser so that he/she can receive an appropriate notification each time the cookie function is set. To change your cookie acceptance settings, adjust the settings in your browser.
9. It is worth remembering that blocking or deleting cookies may prevent full use of the website.
10. cookies will be used for necessary session management, including:
a. Creating a special login session for the Website User, so that the Website remembers that the User is logged in, and that the User’s requests are delivered in an efficient, secure and consistent manner;
b. Recognizing a User who has visited the website before, so that the number of unique users who have used the website can be identified and so that the website can ascertain sufficient capacity for the number of new users;
c. Recognizing whether a visitor to the website is registered with the website;
d. Recording information from the User’s device, including: cookies, IP address, and information about the browser used, in order to be able to diagnose problems, administer and track Website Usage;
e. Customizing elements of the layout or content of the website;
f. To collect statistical information about how the User uses the Site, in order to be able to improve the Site and determine which areas of the Site are most popular with Users.