Home » Privacy policy

Privacy policy

Privacy policy 


§1. Personal data administrator 

  1. The administrator of personal data within the meaning of art. 4 point 7 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27.04.2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (GDPR) is Marcin Świątek conducting business activity at Em4is Marcin Świątek at ul. Ponarska 5 lok. 41, 03-890 Warsaw, NIP: 5242404850, REGON: 361955848.  
  2. Data Administrator's e-mail address: info@dosciekow.pl. 
  3. Administrator pursuant to art. 32 para. 1 GDPR observes the principle of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to 
    personal data processed in connection with the business. 
  4. Providing personal data by the Customer is voluntary, but necessary to conclude a contract with the data administrator. 
  5. The data administrator processes personal data to the extent necessary to perform the contract or the provision of services to the data subject. 


§2. Purpose and basics of the processing of personal data 

The administrator processes personal data for the following purposes: 
a) preparation of a commercial offer in response to the customer's interest, which is a legitimate interest of the data administrator (Article 6 (1) (1) of the GDPR); 
b) conclusion and implementation of sales contracts with clients, on the basis of the concluded contract (Article 6 (1) (b) of the GDPR); 
c) provision of electronic services via the Online Store, on the basis of the concluded contract (Article 6 (1) (b) of the GDPR); 
d) service of the complaint process, based on an obligation to have a data administrator in connection with applicable law (Article 6 (1) (1) of the GDPR); 
e) accounting related to issuing and accepting settlement documents, on the basis of tax law (Article 6 (1) lit. C of the GDPR); 
f) archiving of data for the possible determination, investigation or defense against claims or the need to demonstrate facts, which is a legitimate interest of the data administrator (Article 6 (1) liter of the GDPR); 
g) telephone contact or via e -mail, in particular in response to queries addressed to the data controller, which is a legitimate interest of the data administrator (Article 6 (1) lit. f GDPR); 
h) sending technical information regarding the functioning of the Online Store and services used by the Customer, which is a legitimate interest of the data administrator (Article 6 (1) lit. f GDPR); 
i) marketing, which is its legitimate interest (Article 6 (1) (1) of the GDPR) or takes place on the basis of previously granted consent (Article 6 (1) lit. and GDPR). 


§3. Data recipient. Transfer of data to third countries 

  1. The recipients of personal data processed by the Data Administrator may be entities cooperating with the Data Administrator, when it is necessary for the implementation of the contract concluded with the data subject, e.g. electronic payment operators or banking institutions supporting installment payments. 
  2. The recipients of personal data processed by the Data Administrator may also be subcontractors - entities whose services are used by the data administrator when processing data, e.g. accounting offices, law firms, entities providing IT services (including hosting services). 
  3. The data administrator may be obliged to provide personal data on the basis of applicable law, in particular to provide personal data with authorized authorities or state institutions.  
  4. Personal data in connection with the administrator's use of tools for analysis and traffic on the website may be transferred to an entity based outside the European economic area, e.g. to Google LLC. As a relevant data protection means, the data administrator agreed to standard contractual clauses in accordance with art. 46 GDPR with suppliers of these services. More information on this subject is available here: https://commission.europa.eu/law/law-topic/data-protection_en. 

 
§4. Personal data storage period 

  1. The data administrator stores personal data over the duration of the contract concluded with the data subject and after the end of it for purposes related to the claim of claims related to the contract, performing obligations arising from applicable law, but for a time not longer than the limitation period in accordance with the provisions Civil Code. 
  2. The data administrator stores personal data on the settlement documents for the period indicated by the provisions of tax law. 
  3. The data administrator stores personal data processed for marketing purposes for a period of 10 years, but not further than until the consent to the processing of data or an objection to data processing. 
  4. The data administrator stores personal data for purposes other than those indicated in para. 1-3 for one year, unless the consent to data processing has been withdrawn earlier, and data processing cannot be continued on a basis other than the consent of the data subject. 


§5. The rights of the data subject

  1. Each data subject has the right: 
    a) access - obtaining from the Administrator confirmation whether its personal data is processed. If the data about the person is processed, it is entitled to access them and obtain the following information: on processing purposes, personal data categories, information about recipients or categories of recipients who have been or will be disclosed, about the period of data storage or about the criteria for their determining, about the right to demand rectification, deletion or limitation of the processing of personal data due to the data subject, and to object to such processing (Article 15 of the GDPR); 
    b) to receive a copy of the data - obtaining a copy of data subject to processing, with the first copy is free, and for subsequent copies the Administrator may impose a fee in a reasonable amount resulting 
    from administrative costs (Article 15 (3) of the GDPR); 
    c) to be rectified - demanding to rectify her personal data, which are incorrect or supplementing incomplete data (Article 16 GDPR); 
    d) to delete the data - demanding its personal data, if the Administrator has no legal basis for their processing or data are no longer necessary for the purposes of processing (Article 17 GDPR); 
    e) to limit processing - a request to limit the processing of personal data (Article 18 GDPR), when: - The data subject questions the correctness of personal data - for a period allowing the administrator to check the correctness of this data, - the processing is unlawful, and the person of which the data relate, they are opposed to deletion, demanding a limitation of their use, - the Administrator does not need this data anymore, but they are needed by the data subject to the determination, investigation or defense of claims, - the data subject has objected In view of the processing - until it is found whether the legitimate grounds on the administrator's side are superior to the basis of the objection of the person to whom 
    concern; 
    f) for transferring data - receiving in a structured, commonly used format suitable for machine reading personal data regarding it, which it provided to the Administrator, and request to send this data to another administrator, if the data is processed on the basis of consent 
    the data subject or the contract concluded with it and if the data is processed in an automated manner (Article 20 of the GDPR); 
    g) to oppose - object to the processing of her personal data in legitimate purposes of the administrator, for reasons related to its special situation, including profiling. Then 
    The administrator assesses the existence of valid legitimate grounds for processing, superior to interests, rights and freedoms of data subjects, or grounds for determining, investigating or defending claims. If, according to the assessment of the interests of the data subject, they are more important than the interests of the Administrator, the Administrator will be obliged to stop processing data for these purposes (Article 21 of the GDPR).
  2. To exercise the above -mentioned rights, the data subject should contact us using the given contact details, with the administrator and inform him which rights and to what extent he wants to use. 
  3. The data subject has the right to lodge a complaint to the supervisory authority, which is the President of the Office for Personal Data Protection in Warsaw. 

§6. Profiling

  1. Personal data obtained by the Data Administrator may be processed automatically - including in the form of profiling. Profiling of personal data made by the Data Administrator consists in assessing selected information about the data subject for the purposes of analysis and forecasts of personal preferences and interests, in particular for the possibility of passing on to the person subject to the person who relates to the personalized offer. 
  2. Automatic data processing made by the Data Administrator does not give birth to any legal effects for the data. The data subject may at any time object to the automated processing of his data. 

§7. Google Analytics

  1. The administrator uses Google Analytics, an online analytical service provided by Google Inc. based in the USA. 
  2. Google Analytics uses cookies that allow the user to analyze the use of the website. The information produced by a cookie on the use of the website is transmitted and saved on the Google server. At the request of the administrator, Google will use 
    This information to analyze the use of the website by Users in order to prepare reports on the website's activity and the provision of other services related to the use of the website and the Internet to the ordering entity. 
  3. The data will not be used for the purpose of identifying any natural person. 
  4. The user may prevent you from saving cookies through the appropriate browser settings; In this case, however, he will not be able to use the full functionality of the site. In addition, users may prevent Google from collecting data produced by cookies and referring to their use of the website (including IP address) as well as the processing of these data by Google, downloading and installing the browser plugin available at the following link: https: // tools.google.com/dlpage/gaoptout?hl=pl. 
  5. At any time, the user may object to the collection and processing of data related to the use of Google by downloading and installing the plug in the browser, which is available at the following address: https://tools.google.com/dlpage/gaoptout?hl=en. 


§8. Social plugins

  1. The administrator on the website uses plugins to social networks. The plugins in question are marked with the logo of a given social networking site.
  2. The data is sent to social networks only if the user actively clicked the appropriate plug button. After pressing the plugin, the web browser will start connecting to the servers of a given social networking site, and the user will be redirected to the external service provider's website, i.e. the owner of a given social network, and the user's web browser will establish a direct connection with the servers of these social networking sites. The use of these functions can 
    be associated with the use of external cookies. From the moment you click on a given plugin, personal data is processed on a given social networking site, and the owner of a social networking site becomes a co -ministor of personal data. The administrator informs that from the moment of active clicking through the plug -in button, the administrator does not affect the nature and scope of personal data collected by a given social network.
  3. The data is sent regardless of whether the user has an account on a given social networking site or whether it is logged in. In the event that the user is logged in on a given social platform, the collected personal data will be directly assigned to the account he uses (profile).
  4. In order to obtain more information on the purpose and scope of collecting personal data, including the principles of their processing by the provider of a given portal, you should read the privacy policies of these suppliers.