- The administrator of the personal data collected through the online shop www. nicromi.com is Krzysztof Nieroba doing business under the name NICROMI ENGINEERING KRZYSZTOF NIEROBA registered in the Central Business Register and Information on Business Activities of the Republic of Poland kept by the competent minister for economy, place of business and address for delivery: ul. Poziomkowa 11, 43-186 Orzesze, NIP: 6351856994, REGON: 388461909, electronic mail address (e-mail): firstname.lastname@example.org, hereinafter referred to as “Administrator” and being at the same time “Service Provider”.
- The personal data collected by the Administrator through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as
THE TYPE OF PERSONAL DATA PROCESSED, THE PURPOSE AND SCOPE OF THE DATA COLLECTION
- PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes personal data of Customers of the Shop www. nicromi.com in case:
- registration of an Account in the Shop, in order to create an individual account and manage that Account, pursuant to Article 6(1)(b) of the RODO (performance of a contract for the provision of electronic services in accordance with the Rules of the Shop),
- placing an order in the Shop, for the purpose of fulfilling the sales contract, on the basis of Article 6(1)(b) RODO (fulfilment of the sales contract).
- the use of the Contact Form, in order to send a message to the Administrator, on the basis of Article 6(1)(f) RODO (legitimate interest of the entrepreneur).
- THE TYPE OF PERSONAL DATA PROCESSED. The Customer shall provide, in the case of:
- Accounts: name, login, address, e-mail address.
- Orders: name, address, VAT, e-mail address, telephone number.
- Contact Form: name, email address.
- PERIOD OF ARCHIVING OF PERSONAL DATA. The personal data of the Clients are stored by the Administrator:
- where the basis for data processing is the performance of a contract, for as long as is necessary for performance of the contract and thereafter for a period corresponding to the period of limitation of claims. Unless otherwise stipulated by a specific provision, the period of limitation shall be six years, and for periodic performance claims and claims related to the conduct of business activity – three years.
- in the case where the basis for data processing is consent, for as long as the consent is not revoked, and after the revocation of consent, for a period of time corresponding to the period of limitation of claims which the Administrator may assert and which may be asserted against him. Unless a specific provision of law provides otherwise, the period of limitation shall be six years, and for claims for periodic performance and claims related to the conduct of business activity – three years.
- When using the Shop, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
- Upon separate consent, pursuant to Article 6(1)(a) of the RODO, data may also be processed to send commercial information by electronic means or to make telephone calls for the purpose of direct marketing – respectively, in connection with Article 10(2) of the Act of 18 July 2002 on the provision of services by electronic means or Article 172(1) of the Act of 16 July 2004 – Telecommunications Law, including those directed by profiling, provided that the Customer has given the appropriate consent.
- Navigation data may also be collected from Customers, including information on links and references they choose to click on or other actions taken in the Shop. The legal basis for such activities is the Administrator’s legitimate interest (Article 6(1)(f) of the RODO) in facilitating the use of services provided electronically and in improving the functionality of these services.
- The provision of personal data by the Customer is voluntary.
- The controller shall take particular care to protect the interests of data subjects, and in particular shall ensure that the data collected by it are:
- processed lawfully,
- collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes,
- substantively correct and adequate in relation to the purposes for which they are processed and kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing.
SHARING OF PERSONAL DATA
- Customers’ personal data is transferred to service providers used by the Administrator in the course of operating the Shop, in particular to
- entities supplying the Products,
- payment system providers,
- accounting office,
- Hosting providers,
- the provider of software enabling the business to be run,
- mailing system providers,
- the supplier of the software needed to operate the online shop.
- The service providers referred to in point 1 of this paragraph to whom the personal data are transferred, depending on contractual arrangements and circumstances, are either subject to the instructions of the Controller as to the purposes and means of processing such data (processors) or determine themselves the purposes and means of processing (controllers).
THE RIGHT TO CONTROL, ACCESS AND RECTIFY THEIR OWN DATA
- The data subject shall have the right of access to the content of his/her personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
- Legal grounds for the Customer’s request:
- Access to data – Article 15 RODO.
- Rectification of data – Article 16 RODO.
- Deletion of data (the so-called right to be forgotten) – Article 17 RODO.
- Restriction of processing – Article 18 RODO.
- Data portability – Article 20 RODO.
- Objection – Article 21 RODO
- Withdrawal of consent – Article 7(3) RODO.
- In order to exercise the rights referred to in point 2, you may send an appropriate e-mail to the following address: email@example.com.
- If the Client makes a claim under the above rights, the Administrator shall either comply with the request or refuse to comply with it immediately, but no later than within one month of receipt. If, however, due to the complexity of the request or the number of requests, the Administrator is unable to comply with the request within one month, he shall comply with the request within a further two months by informing the Service Recipient, within one month of receiving the request, of the intended extension of the deadline and the reasons for it.
- If it is established that the processing of personal data violates the provisions of the RODO, the data subject has the right to lodge a complaint with the President of the Data Protection Authority.
- The Administrator’s website uses “cookies”.
- Installation of “cookies” is necessary for proper provision of services on the Store’s website. The “cookies” contain information necessary for the proper functioning of the website and they also give the possibility to develop general statistics on website visits.
- The website uses two types of cookies: “session” and “permanent”.
- “Session” cookies are temporary files that are stored on the Service Recipient’s terminal equipment until they log off (leave the website).
- “Permanent” cookies are stored in the final device of the Customer for the time specified in the parameters of the cookies or until they are deleted by the Customer.
- The Administrator uses its own cookies to better understand how visitors interact with website content. The cookies collect information about the use of the website by the Client, the type of website from which the Client was redirected, the number of visits and the length of the Client’s visit to the website. This information does not record specific personal data about the customer, but is used to compile statistics about website usage.
- The Administrator uses external cookies to collect general and anonymous statistical data via Google Analytics analytical tools (administrator of external cookies: Google Inc. based in the USA).
- Cookies may also be used by advertising networks, in particular the Google network, to display advertisements tailored to the manner in which the Customer uses the Shop. For this purpose, they may store information about the Customer’s navigation path or time spent on a given page.
- The Customer shall be entitled to decide on the access of cookies to his/her computer by selecting them in advance in his/her browser window. Detailed information on the possibility and methods of using cookies is available in the software (browser) settings.
ADDITIONAL SERVICES RELATING TO USER ACTIVITY IN THE SHOP
- The Shop uses so-called social plugins (“plugins”) of social networks. By displaying the website www. nicromi.com containing such a plug-in, the Customer’s browser will establish a direct connection to the servers of Facebook, Instagram, Pinterest, Twitter, Google and YouTube.
- The content of the plugin is transmitted by the provider directly to the Client’s browser and integrated into the website. Through this integration, service providers receive information that the Client’s browser has viewed the website www. nicromi.com, even if the Client does not have a profile with the service provider or is not currently logged in with him. This information (including the Client’s IP address) is sent by the browser directly to the provider’s server (some servers are located in the USA) and stored there.
- If the Client logs in to one of these social networks, the service provider will be able to directly associate the visit to www. nicromi.com with the Client’s profile on that social network.
- If the user uses the plugin, e.g. by clicking on the “Like” button or the “Share” button, the corresponding information will also be transmitted directly to the server of the respective service provider and stored there.
- The purpose and scope of data collection and its further processing and use by service providers, as well as the possibility of contact and the rights of the Client in this regard and the possibility of making settings to ensure the protection of the Client’s privacy are described in the service providers’ privacy policies:
- If you do not want social networks to attribute the data collected during your visit to www. nicromi.com directly to your profile on a particular network, you must log out of that network before visiting www. nicromi.com. The customer can also completely prevent plug-ins from being loaded on the website by using the appropriate browser extensions, such as blocking scripts with “NoScript”.
- The Administrator uses remarketing tools, i.e. Google Ads, on its website, which involves the use of Google LLC cookies related to the Google Ads service. As part of the mechanism for managing cookie settings, the Customer has the option to decide whether the Service Provider will be able to use Google Ads (administrator of external cookies: Google Inc. based in the USA) in relation to him.
- The controller shall apply technical and organisational measures to ensure the protection of the processed personal data, appropriate to the risks and categories of data protected, and in particular shall protect the data against their disclosure to unauthorised persons, against their appropriation by an unauthorised person, against their processing in violation of the applicable legislation, and against their alteration, loss, damage or destruction.
- The Administrator shall make available appropriate technical measures to prevent unauthorised persons from acquiring and modifying personal data sent electronically.