GENERAL PROVISIONS BASIS FOR DATA PROCESSING PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE RECIPIENTS OF DATA IN THE ONLINE STORE PROFILING IN THE ONLINE STORE RIGHTS OF THE DATA SUBJECT COOKIES IN THE ONLINE STORE AND ANALYTICS FINAL PROVISIONS
BASIS FOR DATA PROCESSING
PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE
3.1. Each time, the purpose, basis, period, and recipients of personal data processed by the Administrator result from actions taken by a given Service User or Customer in the Online Store or by the Administrator. For example, if a Customer decides to make a purchase in the Online Store and chooses to collect the purchased Product in person instead of courier delivery, their personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier executing shipments on behalf of the Administrator. 3.2. The Administrator may process personal data within the Online Store for the following purposes, on the bases, and for the periods indicated in the table below:
Purpose of data processing
Legal basis for data processing
Data Retention Period
Execution of the Sales Agreement or agreement for providing Electronic Services, or undertaking actions at the request of the person whose data it concerns, before concluding the aforementioned agreements.
Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
The data is stored for the period necessary to execute, terminate or otherwise expire the concluded Sales Agreement or agreement for providing Electronic Services.
Article 6(1)(f) of the GDPR (legitimate interests pursued by the controller) – the processing is necessary for the purposes of the legitimate interests pursued by the controller – consisting in caring for the interests and good image of the controller, his online store, and striving to sell products.
The data is stored for the duration of the legitimate interest pursued by the controller, but no longer than the period of limitation of the controller's claims against the person to whom the data relates, arising from the controller's business activities. The period of limitation is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to conducting business activities is three years, and for the Sales Agreement, two years). The controller cannot process data for the purposes of direct marketing in the event of an effective objection in this regard by the person to whom the data relates.
Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data for marketing purposes by the Administrator
Data is stored until the withdrawal of consent by the data subject for further processing of their data for this purpose.
Maintaining accounting books
Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act of 30 January 2018 (Journal of Laws of 2018, item 395 as amended) - processing is necessary to fulfill a legal obligation incumbent on the Administrator.
The data is stored for the period required by the legal provisions obliging the Administrator to keep accounting records (5 years, starting from the beginning of the year following the financial year to which the data relates).
Establishment, pursuit, or defense of claims that may be raised by the Administrator or that may be raised against the Administrator.
Article 6(1)(f) of the GDPR (legitimate interest of the controller) – processing is necessary for the purposes arising from the legally justified interests of the Administrator – consisting in the establishment, pursuit, or defense of claims that may be raised by the Administrator or that may be raised against the Administrator.
The data is stored for the period of existence of the legally justified interest pursued by the Administrator, but no longer than the period of limitation of claims that may be raised against the Administrator (the basic limitation period for claims against the Administrator is six years).
Use of the Online Store website and ensuring its proper functioning.
Article 6(1)(f) of the GDPR (legitimate interest of the controller) - processing is necessary for the purposes arising from the legitimate interests of the Controller - consisting in the operation and maintenance of the Online Store website.
Data is stored for the period of the existence of the legally justified interest pursued by the Controller, but no longer than the period of limitation of claims of the Controller against the person whose data concern, related to the business activity conducted by the Controller. The limitation period is determined by the legal provisions, in particular the Civil Code (the basic limitation period for claims related to conducting business activity is three years, and for the Sales Agreement two years).
Conducting statistics and analyzing traffic in the Online Store
Article 6 (1) (f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes arising from the legitimate interests of the Administrator – consisting in conducting statistics and analyzing traffic in the Online Store in order to improve the functioning of the Online Store and increase sales of Products.
The data is stored for the period of the existence of the legitimate interest pursued by the Administrator, but not longer than the period of limitation of claims against the person whose data is concerned, related to the business activity conducted by the Administrator. The period of limitation is determined by legal provisions, in particular the Civil Code (the basic period of limitation for claims related to conducting business activity is three years, and for the Sales Agreement two years).
RECIPIENTS OF DATA IN THE ONLINE STORE
PROFILING IN THE ONLINE STORE
RIGHTS OF THE DATA SUBJECT
COOKIES IN THE ONLINE STORE AND ANALYTICS
7.1. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Online Store's website (e.g., on the hard disk of a computer, laptop, or on the memory card of a smartphone – depending on the device used by the visitor of our Online Store). Detailed information about Cookies, as well as their history, can be found here: https://pl.wikipedia.org/wiki/HTTP_cookie. 7.2. Cookies that may be sent by the Online Store's website can be divided into different types, according to the following criteria:
Due to their provider:
first-party (created by the Administrator's Online Store website) and
belonging to third parties (other than the Administrator)
Due to their storage period on the device of the person visiting the Online Store website:
session (stored until logging out of the Online Store or closing the internet browser) and
persistent (stored for a specific time, defined by the parameters of each file or until manually deleted)
Due to their purpose of use:
necessary (enabling the proper functioning of the Online Store website),
functional/preferential (allowing the customization of the Online Store website to the preferences of the person visiting the page),
analytical and performance (collecting information on how the Online Store website is used),
marketing, advertising, and social (collecting information about the person visiting the Online Store website in order to display advertisements to this person, personalize them, measure effectiveness, and conduct other marketing activities, including on websites separate from the Online Store website, such as social media platforms or other pages belonging to the same advertising networks as the Online Store)
7.3. The Administrator may process data contained in Cookies when visitors use the Online Store's website for the following specific purposes:
7.4. Checking in the most popular web browsers what Cookies (including the duration of Cookies and their provider) are sent at a given moment by the Online Store's website is possible in the following way:
In the Chrome browser: (1) in the address bar, click on the padlock icon on the left, (2) go to the “Cookies” tab.
In the Firefox browser: (1) in the address bar, click on the shield icon on the left, (2) go to the “Allowed” or “Blocked” tab, (3) click on the field “Cross-site tracking cookies”, “Social media trackers”, or “Trackers in content”.
In the Internet Explorer browser: (1) click the “Tools” menu, (2) go to the “Internet Options” tab, (3) go to the “General” tab, (4) go to the “Settings” tab, (5) click the “View Files” field.
In the Opera browser: (1) in the address bar click on the padlock icon on the left side, (2) go to the “Cookies” tab.
In the Safari browser: (1) click the "Preferences" menu, (2) go to the "Privacy" tab, (3) click on the "Manage Website Data" field.
7.5. By default, most web browsers available on the market accept the storage of Cookies. Everyone has the ability to set the terms of using Cookies through their own web browser settings. This means that one can, for example, partially limit (e.g., temporarily) or completely disable the possibility of storing Cookies – in the latter case, however, it may affect some functionalities of the Online Store (for example, it may be impossible to proceed through the Order Path via the Order Form due to not remembering Products in the basket during subsequent steps of placing the Order).
in the Chrome browser
in the Firefox browser
in the Internet Explorer browser
in the Opera browser
in the Safari browser
in the Microsoft Edge browser
7.7. The Administrator may use Google Analytics, Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the Online Store. These services help the Administrator to conduct statistics and analyze traffic in the Online Store. Collected data is processed within the above services to generate statistics helpful in administering the Online Store and analyzing traffic in the Online Store. These data are aggregate in nature. Using the above services in the Online Store, the Administrator collects data such as sources and medium of acquiring visitors to the Online Store and how they behave on the Online Store website, information about the devices and browsers from which they visit the site, IP and domain, geographical data and demographic data (age, gender) and interests.
7.8. It is possible to easily block by an individual the sharing of information about their activity on the Online Store website to Google Analytics – for this purpose, for example, you can install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=en.