Sylwia Romaniuk Sp. z o. o. respects the right of its Clients and Users of the website http://www.sylwiaromaniuk.com (hereinafter collectively referred to as the „Clients”) to privacy and guarantees them the right to choose in terms of sharing of their personal data. We make every effort to ensure that the personal data of our Clients and Users are processed in accordance with the applicable provisions of Polish and EU law.
The controller of personal data collected via website http://www. sylwiaromaniuk.com (hereinafter referred to as „Website”) is Sylwia Romaniuk Sp. z o. o. based in Warsaw, Aleje Ujazdowskie 41, 00-540 Warsaw, entered in the Commercial Register kept by the District Court for the capital city of Warsaw, XII Division of the National Court Register, under the KRS number: 631044, NIP: 7010601940, REGON: 36511569, with the share capital of 5000,00 PLN; e-mail: firstname.lastname@example.org (hereinafter referred to as „Controller”).
What does it mean? The Controller decides about the purposes and methods of personal data processing, i.e. how this data will be used.
How to contact us regarding personal data? In all matters related to the processing of personal data and the implementation of the rights of entities subject to their processing, please contact us via e-mail – email@example.com or in writing to the address: Al. Ujazdowskie 41, 00-540 Warsaw, postscript: „Data Protection Officer”.
Please get acquainted with the information clause in which we indicate how the personal data you provide to us will be processed:
1. Personal data are processed in order to provide the services to the Customer, to manage the delivery of the Customer’s orders and perform the contract and its settlement as well as to maintain the relationship with the Customer. Personal data are also processed for marketing purposes of the Controller or third parties, sending newsletters pursuant to the Customers consent, as well as in connection with the legitimate interest pursued by the Controller namely marketing of its own products and services, post-sale customer services.
2. The recipients of the personal data may be the entities providing the belowmentioned services:
as well as public authorities to which Personal data is transferred due to legal regulations.
3. The Controller does not intend to transfer Personal data to a third country or international organisation.
4. Personal data will be processed during the implementation of a goal for which they have been collected, until the expiry of claims associated with the Customer or in case when the processing of data is necessary in order to seek claims or defend against claims, which is a legally justified interest of the Controller, as well as until the newsletter will be available or until the consent will be withdrawn.
5. The Customer have the right to:
– request the access to and rectification or erasure of personal data or restriction of processing concerning the data subject, or to object to processing or to raise an objection to the processing, as well as the right to data portability,
– where the processing is based on art. 6 par. 1 letter a) or art. 9 par. 2 letter a) GDPR- to withdraw the consent to the processing at any time; without affecting the lawfulness of processing based on consent before its withdrawal,
– not being subject to automated decision making, including profiling,
– lodge a complaint with the supervisory authority.
6. Providing the data is a requirement necessary to enter into an agreement and carry out the transaction. Providing the data is voluntary. The consequence of not providing required personal data is the lack of possibility to use the functionalities of our marketplace and to finalize transaction. In case of the consent for marketing purposes granted by the Customer the consequence of not giving such consent will be the inability to receive information regarding the services offered by the Controller or third parties in the form of a newsletter or any other form.
7. Your personal data will not be processed in an automated way.
8. After processing the personal data for the original purpose, such data will not be processed for any other purpose without the Customer’s consent.
WHICH DATA WE PROCESS
We process the data which the Client provides or provided to us in the browsing history of the website as part of using our services as well as those which are provided to us by e-mail correspondence or the form available on the website. The Client provides us with their personal data necessary to performing services for the Client, for example to fulfil their order, its delivery, receipt of a personalized offer, information about new products and promotional campaigns.
Due to the above, the Controller processes the following types of the Clients’ personal data:
- – Name and surname, name of the company if applicable;
- – Address;
- – Phone number;
- – E-mail address;
- – Bank account number;
- – Tax identification number in case of Clients conducting business activity.
Expressing consent is voluntary and the Client can withdraw it at any time by sending information about it to the e-mail address – firstname.lastname@example.org or in writing to the address: Al. Ujazdowskie 41, 00-540 Warsaw. However, the withdrawal of consent will not affect the lawfulness of data processing on the basis of consent prior to the withdrawal.
Personal data of the Clients is processed in accordance with the generally applicable provisions of law, especially with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”).
PURPOSE AND SCOPE OF DATA PROCESSING
Personal data is collected by Sylwia Romaniuk Sp. z o. o. to perform services electronically, to conclude and execute the Product Sales Agreement and to deliver them to the Client, as well as for marketing purposes and maintaining relations with the Client.
Data provided by the Clients are collected and used for the purpose of:
- – execution of the product sales agreement offered via the Website and the undertaking of actions, at the Client’s request, to lead to the conclusion of such a contract with the Client,
- – marketing of the Controller’s products and services,
- – contact with the User, including the execution of the product sales agreement offered via Website, in particular to maintain the relationship with the Client, as well as a part of the complaint procedure.
BASIS FOR DATA PROCESSING AND PERIOD OF PROCESSING
The basis for the processing of personal data of Clients by the Controller is the conscious, voluntary and explicit consent of Clients (processing of personal data for marketing purposes) or the authorization under the law to process personal data, in particular to the extent necessary to perform the contract or to undertake actions at the Client’s request to conclude such a contract.
- – Performing the contract between the Client and the Controller – processing is carried out on the basis of art. 6 para. 1 letter b) GDPR (indispensability to perform the contract to which the Client is a party).
In this case, the personal data of Client are processed until the expiry of the contract, with proviso that sometimes, these data can be processed also after the contract expires, but only if it is allowed or required in the light of applicable law, for example: processing for statistical purposes, billing or pursue claims.
- – Statistical purposes and products marketing – processing is carried out on the basis of art. 6 para. 1 letter. f) GDPR (justified interest of the Controller).
In this case, the personal data of Client are processed until the effective objection is made.
- – Marketing of products and services of third parties – processing is carried out on the basis of art. 6 para. 1 letter. a) GDPR (voluntary consent).
In this case, the personal data of the Client are processed until the consent is withdrawn.
Using the services offered by Sylwia Romaniuk Sp. z o. o. requires individualisation of the people for whom these services are to be provided. Therefore, providing personal data is prerequisite for using the services, in particular placing an order for products offered by Sylwia Romaniuk Sp. z o. o.. The consequence of not providing the personal data required by the Administrator is the inability of the Client to use the services electronically.
The Users remain anonymous until submitting their personal data in the ordering process for products offered by Sylwia Romaniuk Sp. z o. o. or in the course of using another service available in the Website(for example: subscription to the Controller’s newsletter).
RIGHTS OF INDIVIDUALS REGARDING THE PROCESSING OF THEIR PERSONAL DATA
Clients who have entrusted us with processing their personal data have the following rights in relations to the processing of these data:
- – the right to access personal data about the Client, including obtaining a copy of the data,
- – the right to rectify personal data,
- – the right to erase personal data (in certain situations),
- – the right to lodge the complaint with the supervisory body dealing with the protection of personal data,
- – the right to limit the processing of personal data,
- – the right to object to the processing of personal data.
If personal data are processed on the basis of the consent:
- – the right to withdraw consent in the scope in which they are processed on this basis.
Withdrawal of consent does not affect the lawfulness of the processing that was made on the basis of consent before its withdrawal.
If personal data is processed on the basis of consent or as part of the provided services:
- – the right to transmit personal data, i.e. to receive from the Controller your personal data in a structured, commonly used, machine-readable format. The Client can send this data to another data controller.
In order to exercise the above rights, please contact the Controller – email@example.com.
ENTTIES WITH ACCESS TO PERSONAL DATA
Clients’ personal data may be transferred to entities that process personal data on behalf of the Controller, including IT service providers, marketing agencies etc. These entities process data on the basis of an agreement with the Controller and only in accordance with its instructions.
In such cases, third parties are required to respect the confidentiality and security of information and verify that they provide adequate protection of personal data.
In case of Clients who use product courier delivery , the Controller provides the collected personal data of the Client, to the extent necessary for performing the delivery, to UPS Polska Sp. z o.o. based in Warsaw (01-222), Prądzyńskiego 1/3, entered in the Commercial Register kept by the District Court for the capital city of Warsaw, XII Division of the National Court Register, under the KRS number: 0000036680, NIP: 5221004200, REGON: 01077128, with a share capital of 5 027 000,00 PLN.
Personal data of Clients may be also transferred to entities authorized to obtain them under applicable law, e.g. law enforcement authorities.
The entity entering information in the form of cookies in the Client’s end device Client (for example: computer, laptop, smartphone, Smart TV) and gaining access to them is the Controller.
Cookies are IT data, small text files, sent by the server and saved on the user’s side of the Website (for example: on the hard drive of a computer, laptop or on a smartphone’s memory card).
Cookies usually contain the name of the domain of the Website from which they originate, their storage time on the final device and a unique number. Cookies are not used to identify the customer and their identity is not determined on their basis.
- – adapting the content of the Website to User’s preferences and optimizing the use of the Platform; e.g. cookies allow in particular to identify the User’s device and properly display the Platform adapted to their individual needs – for example the language version;
- – presentation of advertisements in a way that takes into account the interests of the User or their place of residence (individualising the advertising message) and with the guarantee of excluding the possibility of repeatedly presenting the same advertisement to the User;
- – so that the Website can operate faster and be easier to use;
Cookies used by the Website are safe and do not cause configuration changes in the device or the Client’s software.
TYPES OF COOKIES
The Website uses the following types of Cookies:
- – „session” – temporary files stored on the User’s end device until logging out, leaving the website and application or turning off the software (web browser);
- – „fixed” – stored on the User’s end device for the time specified in the cookie file parameters or until they are deleted by the User.
In many cases, software used for browsing websites (web browser) allows for the storage of information in the form of cookies and other similar technologies by default in the Client’s end device.
However, the User can change these settings at any time.
Failure to change means that the above information can be posted and stored on its end device, and thus that we will store information on the User’s end device and access this information. From the level of the web browser used by the User, it is possible to manage cookies manually. The most popular browsers include the option to:
- – accept cookies, which allows the User to fully use the options offered by websites;
- – manage the cookie files at the level of individual sites selected by the User;
- – define settings for various types of Cookies, for example to accept files as permanent, as session etc.;
- – block or delete Cookies.
Additional information about Cookies and other technologies can be found at such websites as youronlinechoices.com or in the Help section in the browser menu.
LINKS TO THIRD PARTY WEBSITES
Sylwia Romaniuk Sp. z o.o. utilizes technical and organizational measures to ensure protection of the processed personal data, appropriate to threats and categories of data subject to protection. In particular, it protects the data from unauthorized access, possession by unauthorized persons, processing in violation of applicable laws as well as unauthorized change, loss, damage or destruction.
Revision date 2018, May 25