TABLE OF CONTENTS:
BASIS FOR THE PROCESSING OF DATA
PURPOSE, BASIS, PERIOD AND SCOPE OF PROCESSING DATA IN THE ONLINE STORE
DATA RECIPIENTS IN THE ONLINE STORE
PROFILING IN THE ONLINE STORE
THE RIGHTS OF THE DATA SUBJECT
COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS
1. GENERAL PROVISIONS
1.2. The Controller of the personal data collected via the Online Store shall be the limited company 303 AVENUE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (office address and correspondence address: Bialostocka street 37, 07-200 Wyszków), registered in Register of Entrepreneurs of National Court Registry under the KRS number: 0000652807; Register Court which holds the company's documentation: District Court for the capital city of Warsaw, XII Commercial Department KRS; share capital in amount of 5.100,00 zł fully paid; tax ID no. NIP: 7010641916, National Economy Register No. REGON 366082974, e-mail address: firstname.lastname@example.org and telephone number: (+48) 734 458 777 – hereinafter referred to as “Controller” and being simultaneously the Service Provider of the Online Store and the Seller.
1.3. Personal data in the Online Store shall be processed by the Controller in accordance with the binding legal regulations, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as “GDPR” or “GDPR Regulation”. The official text of the GDPR Regulation: http://eur- lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
1.5. The Controller assures due diligence to protect the interest of persons being data subjects, in particular being responsible and liable for and assuring that the data collected are: (1) processed in accordance with the Act; (2) collected for specific, legal purposes and not subject to further processing inconsistent with the purposes; (3) correct as regards the subject matter and adequate as regards the purpose of the processing; (4) stored in a form making it possible to identify the people they apply to, no longer than it proves necessary to attain the purpose of processing and (5) processed in a manner ensuring security of the personal data, including the protection against illicit or illegal processing or accidental loss, damage or destruction, with the use of appropriate technical and organisational measures.
1.6. Taking into account the nature, scope, context and purpose of processing as well as the risk of breaching the rights or freedoms of natural persons with varied likelihood and degree of threat, the Controller is implementing appropriate technical and organisational measures so that the processing takes place pursuant to the Regulation and it is possible to show it. The measures are reviewed and updated, as necessary. The Controller applies technical measures preventing the acquisition and modification of personal data sent electronically by unauthorised persons.
2. BASIS FOR THE PROCESSING OF DATA
2.1. The Controller is authorised to process the personal data in cases, and to the extent, when at least one of the following conditions is met: (1) the data subject consented to the processing of their data to one or more specified ends; (2) processing is necessary for contract performance the data subject is a party to, or to take actions to the request of the data subject, prior to contract conclusion; (3) processing is necessary to meet the legal obligation of the Controller; or (4) processing is necessary for the needs resulting from the legally justified interests of the Controller or third party, except for situations when the interests or basic rights and freedoms of the data subject override such interests and they require personal data protection, especially when the data subject is a child.
3. PURPOSE, BASIS, PERIOD AND SCOPE OF PROCESSING DATA IN THE ONLINE STORE
3.1. Each time, the purpose, basis, period and scope as well as the recipients of personal data being processed by the Controller result from actions undertaken by a given Service User or Customer in the Online Store.
3.2. The Controller may process the personal data in the Online Store for the purposes, on the bases, within the periods and scope, as follows: