1. The administrator of personal data collected via the Store https://okiday.pl is OKIDAY Spółka z ograniczoną odpowiedzialnością, registered in the National Court Register under KRS number: 0000879892, NIP: 8641960850, REGON: 387982753, address of the place of business Koćmierzów 30, 27 -650 Samborzec, and the address for service: ul. Sadowa 16/23, 05-110 Jabłonna, e-mail address: email@example.com, hereinafter referred to as the “Administrator” and being also the Service Provider.
PURPOSE AND SCOPE OF DATA COLLECTION
1. Personal data will be processed for the purpose of making purchases in our online store, direct marketing regarding own products and services, carried out in a traditional form (paper), constituting the so-called the legitimate interest of the entrepreneur. Data for these purposes will be processed on the basis of art. 6 sec. 1 lit. b), c) and f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC ( GDPR).
2. After expressing a separate consent, pursuant to art. 6 sec. 1 lit. a) GDPR, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes – respectively in connection with art. 10 sec. 2 of the Act of July 18, 2002 on the provision of electronic services or art. 172 sec. 1 of the Act of July 16, 2004 – Telecommunications Law, including those directed as a result of profiling, provided that the user has given the appropriate consent.
3. If it is necessary to deliver the order, personal data may be made available to postal operators or carriers only for the purpose of delivering the order.
Personal data processed for purposes related to the implementation of purchases will be processed for the period necessary to complete purchases and orders, after which the data subject to archiving will be stored for the period appropriate for the limitation of claims, i.e. 6 years. Personal data processed for marketing purposes covered by the consent statement will be processed until the consent is revoked.
4. If it is found that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the Inspector General for Personal Data Protection (since May 25, 2018 – President of the Office for Personal Data Protection).
5. Providing personal data is voluntary, however, providing marked personal data is a condition for placing an order, and the consequence of not providing them will be the inability to order products in the store.
6. Personal data will also be processed in an automated manner in the form of profiling, provided that the user agrees to it pursuant to art. 6 sec. 1 lit. a) GDPR. The consequence of profiling will be assigning a profile to a given person in order to make decisions concerning them or to analyze or predict their preferences, behaviors and attitudes.
7. The administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him are:
a) processed in accordance with the law,
b) collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes,
c) factually correct and adequate in relation to the purposes for which they are processed and stored in a form that allows identification of the persons they concern, no longer than it is necessary to achieve the purpose of processing.
THE RIGHT OF CONTROL, ACCESS TO OWN DATA AND CORRECTION
1. The data subject has the right to access their personal data and the right to rectify, delete, limit processing, the right to transfer data, the right to raise objections, the right to withdraw consent at any time without affecting the lawfulness of processing, which was made on the basis of consent before its withdrawal.
2. In order to exercise the rights referred to in point 1, you can send an appropriate e-mail to the following address: firstname.lastname@example.org
1. The Service Provider’s store uses “cookies”. No change in the browser settings on the part of the Service Recipient is tantamount to consent to their use.
2. The installation of “cookies” is necessary for the proper provision of services in the Store. Cookies contain information necessary for the proper functioning of the Store, in particular those requiring authorization.
3. The Store uses three types of “cookies”: “session”, “permanent” and “analytical”.
3.1. “Session” cookies are temporary files that are stored on the Customer’s end device until logging out (leaving the Store).
3.2. “Permanent” “cookies” are stored in the Customer’s end device for the time specified in the “cookie” parameters or until they are deleted by the Customer.
3.3. “Analytical” cookies enable a better understanding of the way the Service Recipient interacts with the content of the Store, better organize its layout. “Analytical” “cookies” collect information on how the Customer uses the Store, the type of website from which the Customer was redirected, and the number of visits and time of the Customer’s visit to the Store’s website. This information does not register specific personal data of the Service Recipient, but is used to compile statistics on the use of the Store.
4. The Service Recipient has the right to decide on the access of “cookies” to his computer by selecting them in advance in his browser window. Detailed information on the possibilities and ways of handling “cookies” are available in the software (web browser) settings.
1. The administrator uses technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data protected, and in particular protects data against unauthorized access, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction .
2. The Service Provider provides appropriate technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.