Політика конфіденційності

Effective from: January 1, 2023

§1 Identity of the data administrator

1. The administrator of the personal data provided during the use of the Service and/or the Online Store operated under the name tvoe.pl is JDG Krystyna Hulets NIP 8943215913 Wroclaw 54-234 
Białowieska 101/59  kristina@tvoe.pl tel +48 786809355 REGON 525886336 Data shall be processed in accordance with currently applicable laws; i.e. Regulation 2016/679 of the European Parliament and of the Council of the EU of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: RODO), the Data Protection Act of May 10, 2018, as well as the Act of July 18, 2002 on the provision of electronic services.
2. The following Privacy Policy covers the rules for the processing of data of the Site Users, as well as persons entering into contracts with the Data Controller, including those related to the execution of an Order in the Online Store, as well as data collected through contact with the Data Controller (e-mail address or telephone) or traditional correspondence, as well as persons who like and/or observe the Administrator's fanpage on social media, if it conducts.

§2 Definitions used

1. The following definitions are used in this policy:
a) Service/Store - the Internet service available at tvoe.pl through which the User may: browse its content, contact the data controller, place orders for products and goods, order commercial and marketing information
b) Personal data controller - the entity that decides on the purpose and means of data processing, in this policy it is understood as: Krystyna Hulets Wroclaw 54-234 Białowieska 101/59 
c) User - a natural person to whom the data pertains and who uses the services available on the Website/Store.
d) Personal data - any information that without excessive time and cost can lead to the identification of an individual, including his/her identification, address and contact information.

§3 Purposes of personal data processing

1. The Personal Data Administrator shall process personal data only when permitted by currently applicable laws, including for the purposes of:
a) preparation and execution of the concluded sales contract, including the conclusion of a distance contract through an online store, to which the person is a party, as well as the exercise of rights arising therefrom, and this processing takes place on the basis of Article 6(1)(b) of the RODO,
b) to document the performance of contracts, including the issuance of a bill or invoice to the individual, the maintenance of accounting and tax records, on the basis of Article 6(1)(c) of the DPA, i.e. for the purpose of performing legal obligations incumbent on the Administrator of personal data, on the basis of Article 70 of the Tax Ordinance Act of August 29, 1997,
c) to take action at the request of the data subject, including answering questions asked via electronic means of communication or for the purpose of handling traditional correspondence, and this processing is based on Article 6(1)(b) of the DPA,
d) sending ordered marketing information electronically to the e-mail address provided by the User for this purpose, and this processing takes place on the basis of Article 6(1)(a) of the DPA, i.e. the consent of the data subject,
e) registration and creation of an Account in the Store, and this processing is carried out on the basis of Article 6(1)(a) RODO, i.e. the consent of the data subject,
f) to market the Controller's own products and services by traditional means, on the basis of Article 6(1)(f) RODO, i.e. for the purpose of realizing the legitimate interests of the Controller or the data subject,
g) for the purpose of sending an email requesting an evaluation of the Store and/or Goods/Product is done on the basis of Article 6(1)(f) RODO, and this processing is done for the legitimate purpose of the data controller (Seller), which is to improve the offer and/or Goods/Product and/or Store by collecting reliable opinions about them by the owner of the Store,
h. the assertion of rights and claims by the Data Controller or the Data Subject, based on Article 6 (1) (f) of the RODO and is done for a legitimate purpose.
2. The provision of personal data is necessary for the performance of a distance contract, including the shipment of goods or the provision of a digital product and the issuance of an accounting document, the assertion of claims, and the answering of questions. Provision of personal data in other respects is voluntary.
3. Failure to provide the required data makes it impossible to execute a distance contract, issue a bill or invoice or make contact at the request of the data subject.

§4 Ways of obtaining data

1. User's personal data is collected directly from data subjects, i.e. by:
a) filling out a form with contact information when submitting an inquiry via a form on the site,
b) filling out the newsletter subscription form,
c) filling out an order form in the shop-online,
d) registering an account on the Site,
e) providing data to prepare and conclude a contract,
f) direct contact with the data controller using the contact details available on the site or in traditional form at the place of business.

§5 Scope of processed data

1. The scope of processed personal data has been limited to the minimum necessary for the provision of services in terms of:
a) making an inquiry through the contact form or by means of contact details available on the site: e-mail address telephone number, e-mail address, first name, any other data provided voluntarily by the data subject,
b) to subscribe to a newsletter: first name, e-mail address,
c) placing an order in the online store: first and last name, e-mail address, telephone number, delivery address, possible address of the collection point,
d) registering an account on the Website or online store: first and last name, e-mail address, password, login,
e) issuing a bill or invoice: name and surname or name of the entity, registered office address, tax ID number,

§6 Data processing period

1. The period of data processing depends on the purpose for which the data were collected and is for:
a conclusion and performance of a sales contract, including distance sales - for the period necessary to document the contract performed, including the issuance of a bill or invoice - 5 years, counting from the end of the calendar year in which the deadline for tax payment expired, pursuant to Article 112 of the Law of March 11, 2004 on tax on goods and services, in conjunction with Article 70 of the Law of August 29, 1997. - Tax Ordinance,
b) for the purpose of sending commercial information by electronic means (newsletter) and/or setting up an Account in the Store/submitting a request for opinion by external satisfaction survey services - until the consent is revoked, without affecting the compliance of the processing performed before its revocation,
c) for the period necessary to answer a question asked via a contact form or by telephone, but for no longer than 6 months, unless the person decides to conclude a contract with the Personal Data Administrator,
d) for the purpose of asserting claims, pursuant to the Act of Article 118 of the Act of April 23, 1964. - Civil Code. Unless a specific provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business - three years.

§7 Recipients of data

1. User's personal data may be entrusted to other entities for the purpose of performing services on behalf of the data controller, in particular to entities in the field of:
a) website hosting,
b) servicing and maintaining the IT systems in which the data are processed, including for the purposes of newsletter automation, invoicing, order processing, etc,
c) maintenance of accounting services,
d) maintenance of office services,
e) courier service broker,
f) dropshipping and/or order logistics service.
2. User's personal data may also be shared with entities supporting the data controller, including entities providing courier and postal services, online payment processing.
3) User's personal data shall not be transferred to third countries or international organizations.
4) Personal data may be processed outside the European Economic Area in a so-called third country, in particular in the United States of America in connection with the Administrator's use of IT solutions whose servers are located outside the European Economic Area. The basis for data processing in third countries will be the European Commission's Decision 2021/914 on standard contractual clauses for the transfer of personal data to third countries. The data controller and service provider will provide the highest guarantees for the protection of the entrusted data. Data processing will not violate the privacy of individuals.

§8 Rights of data subjects

1. Data subjects shall have the right:
- to access the content of personal data, including to receive a first copy of the content of personal data free of charge,
- to correct the data,
- The right to erasure of data, unless other laws are in force that oblige the data controller to archive data for a specific period of time,
- The right to data portability, insofar as the basis for data processing is a contract or the consent of the data subject, and data processing is carried out by automated means,
- to revoke consent to the processing of personal data - if the basis for such processing was the consent of the data subject. Revocation of consent does not affect the compliance of the processing that was carried out before its withdrawal,
- to object to the processing of data - on grounds related to the particular situation to the processing of personal data concerning him/her based on Article 6(1)(e) or (f) of the RODO, as well as the right to restrict processing,
- The right not to be subject to automated profiling, if the controller would make decisions based solely on automated profiling with legal consequences for the data subject or similarly affected,
- the right to control the processing of the data and to be informed about who the controller is, as well as to be informed about the purpose, scope and manner of the processing of the data, the content of the data, the source of the data, and the manner of sharing, including the recipients or categories of recipients of the data,
2) In order to exercise the right to information, access to the content of the data, rectification of the data, as well as other rights, the Data Controller may be contacted.
3) The data subject also has the right to lodge a complaint with the Office for Personal Data Protection (OPA) if the processing of data violates the provisions of the General Data Protection Regulation (GDPR). The complaint may be filed electronically or by mail to: Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw.

§10 Final provisions

In case of any changes in the applicable privacy policy, in particular if required by the technical solutions applied or changes in the law on privacy of data subjects, appropriate modifications to this Privacy Policy will be introduced, which will be effective within 14 days from their publication on the Website/Shop.