1. GENERAL PROVISIONS
1.1. The Administrator of personal data is Novabrands Katarzyna Fulara in Gliwice (44-100) at 37 Bl.Czeslawa Str , registered in the Central Registration and Information on Business run by the Ministry of Development, under the following numbers: tax number (NIP) 6312484465, hereinafter referred to as the "Administrator" and being the Online Store Service Provider and the Seller.
1.2. The personal data of the Service Recipient (Consumer) is processed in accordance with the Personal Data Protection Act of 29 August 1997 (Journal of Laws No. 133, item 883, as amended), the Act on electronic services of 18th July 2002 (Journal of Laws No. 144, item 1204, as amended), and Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27th, 2016 (GDPR).
1.2.1 In order to provide electronic services and conclude sales contracts, the legal base for the processing of personal data is art. 6 par. 1 let. a) and b) of GDPR.
1.2.2 For the purpose of fulfilling legal obligations incumbent on the Administrator on the base of generally applicable laws, including tax and accounting regulations - the legal base for the processing of personal data is Art. 6 par. 1 let. c GDPR
1.2.3 For analytical and statistical purposes - the legal base for processing personal data is the interest of the Administrator (art. 6 act. 1 let. f) of GDPR, the Administrator's justified interest is to analyze the results of business operations.
1.2.4 In order to implement the legitimate interest of the Administrator consisting in the possible determination or seeking of claims or defense against claims - the legal base of processing personal data is the interest of the Administrator (art. 6 par.1 let. f of GDPR).
1.3 The Administrator takes special care to protect the interests of the data subjects, and in particular ensures that the data they collect are processed in accordance with the law; collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes, factually correct and adequate in relation to the purposes for which they are processed and stored in a form allowing identification of the persons they concern, no longer than it is necessary to achieve the purpose of the processing.
1.4 Providing personal data by the Service Recipient / Customer is voluntary, but failure to provide the personal data specified in the T&C necessary to conclude a Sales Agreement or anelectronically supplied services contract results in the refusal to conclude the Agreement. The data necessary to conclude a Sales Agreement or a contract for the provision of Electronic Services are also indicated on the website of the Online Store.
1.5. The justification of processing the personal data of the Service Recipient / Consumer is the need to implement the contract, which the Service Recipient / Consumer is a party of or to take action on their request before its conclusion.
2. PURPOSE AND SCOPE OF DATA COLLECTION
2.1. The purpose of collecting personal data by the Administrator is:
2.1.1. establishing, shaping content, changing, executing or terminating the contractual relationship between the Service Provider (Seller) and the Customer (Client) – providing Electronic Services via the Online Store or concluding and performingGoods Sales Contracts and delivering them to the Customer.
2.2. In the case of Customers who use shipping options, the Administrator provides the collected personal data of the Customer to a selected company:
2.2.1. Inpost SA, Malborska 130Street, 30-624Cracow, KRS 0000536554
2.2.4. FedEx Express Polska Ltd. Krucza 16/22Street, 00-526 Warsaw, KRS 0000037973
2.3. In the case of Consumers who use electronic payments or who pay by card, the Administrator transfers the collected personal data of the Client to an online payment system operator chosen by the Customer and only to the extent that is necessary for the Customer to make payments via this company. Online payment system operators available:
2.3.2. PayPal (Europe) S.a.r.l. et Cie, S.C.A - PayPal online payment operator. PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal l-2449, Luxembourg.
PayPal (Europe) S.à.l. &Cie, SCA with its registered office at L-1150 in Luxembourg has a valid license as a Luxembourg credit institution within the meaning of Article 2 of the Finance Act of 5 April 1993 as amended and subject to strict supervision by the Luxembourg supervisory institution, Commission de Surveillance du Secteur Financier (Financial Sectoral Commission). Due to the fact that the service is limited to financial operations in electronic form, which in the spirit of the Act are not considered as deposits or investment services, PayPal customers are not protected by deposit guarantee schemes in Luxembourg run by the Association pour la Garantie des Dépôts Luxembourg (AGDL).
PayPal Inc. is the parent company of PayPal (Europe) S.à.l. &Cie, S.C.A. Its headquarters are in the United States, California.
2.4. The Administrator processes the following personal data of the Customer (Customers): name and surname; e-mail address; contact phone number; address (street, house number, apartment number, zip code, city). In the case of Clients (Customers) who are not Consumers, the Administrator processes additionally the company’s name and tax identification number (NIP).
2.5. Providing personal data referred to in point 2.4. is necessary for providing the Service by the Electronic Servicesprovidedas part of the Online Store or conclusion of the Product Sales Agreement. The scope of the data is also indicated in the T&C of the Online Store and before a specific Electronic Service is provided or a Sales Agreement on the Online Store’s website is concluded.
2.6 In addition, recipients of personal data may be:
2.6.1. IT system and IT services suppliers.
2.6.2. On the base of relevant agreements of entrusting the processing of personal data, entities that provide the Administrator with accounting services, quality control, debt recovery, legal, analytical and marketing services.
2.6.3. Authorities entitled to receive the Client’s personal data on the base of legal provisions.
2.7. The Administrator processes the personal data of people who liked our social media profiles. The data is processed in order to enable day-to-day management of our profiles, including to communicating with the community and organizing events or competitions, on terms and conditions defined by the functionalities of individual social media and their regulations. Data of community members are also processed for statistical and analytical purposes and can be processed for claims and defense against claims. The legal base for the processing of your personal data is our legally legitimate interest (art. 6 act. 1 let. f of GDPR).
2.8. In the case of contacting the Administrator by phone, in matters not related to the contract or services provided, we may request personal data only if it is necessary to handle the matter which the call concerns. The legal base is in this case is the justified interest of the Administrator (art. 6 act 1 let. f of GDPR), relating to the necessity to solve a reported matter related to their business activity.
The Administrator processes personal data only relevant to the case to which the correspondence relates. All correspondence is stored in a manner ensuring the security of personal data and other information and can be disclosed only to authorized persons.
2.9. In the case of receiving e-mails or traditional mail not related to services provided to the Customer or other contract concluded with him, the personal data contained in this correspondence is processed only for the purpose of communication and settling the matter, connected with this mail.
The legal basis of the processing is the justified interest of the Administrator (art. 6 act 1 let. f of GDPR), connected with themail addressed to them in connection with his business.
3. OPERATIONAL DATA
3.1. The Service Provider also collects operating data (so-called logs - IP address, domain), which are stored for an indefinite period of time and used to generate statistics helpful in administering the Online Store. This data is aggregated and anonymous, i.e. it does not allow identify visitors to the Online Store. The logs are not disclosed to third parties.
The online store does not automatically collect any data, except for the data contained in cookies when using the Website. Cookies are small text files sent by an online store and stored on your computer containing certain information related to your use of the Website and the Online Store. Cookies used by the online store may be temporary or permanent. Temporary cookies are deleted when the browser is closed, while permanent cookies are also stored after you use the Website and are used to store information such as your password or login, which makes the use of the Website easier. The Online Store uses the below cookie files for the following purposes:
In any case, the Client can block the installation of cookies or delete permanent cookies by using given settings of their web browser. In case of any problems, we advise you to use the browser's help file or contact the browser support team.
4. DATA PROCESSING TIME
4.1. In the case of personal data processed for the purpose of conclusion and performance of sales contracts - for the time necessary to perform all obligations under the sales contracts.
4.2 In the case of personal data processed in order to provide services to the Customer by electronic means - for the time of providing electronic services to the Customer.
4.3. In the case of personal data processed in order to send marketing content - until the Customer lodges an objection to the processing of personal data.
4.4. In the case of data processing for analytical and statistical purposes - for the time of providing electronic services to the Customer.
4.5. In the case of data processing in order to implement the legitimate interest of the Administrator, connected with a possible determination or pursuit of claims or defense against claims - until the expiration of the period of limitation of claims. After this period, personal data will be processed only to the extent and for the time required by law, including accounting regulations.
5. RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
5.1. The Service Recipient has the right to access their personal data and to correct it.
5.2. Each person has the right to control the processing of their data in the Administrator’s system.
5.2.1. Can get information on how and to what extent their data is processed.
5.2.2. May obtain a copy of their personal data.
126.96.36.199 If the request includes copies of data, please indicate which data you would like to receive.
188.8.131.52. The Administrator may charge a fee for the second and subsequent copies, which you be notified about.
184.108.40.206 The fee charged will reflect to the costs of preparing another copy.
5.2.3. They may request correction of their data (if it has been incorrectly saved or if it has changed)
5.2.4. The Client may request the Administrator to remove their personal data (if there is no legal base for the Administrator to process them)
5.2.5. The Client may request a processing restriction (if they want the Administrator to process their data only to a limited extent, until their opposition or request for rectification has been considered, and if they want the data to be stored in relation to theirclaims);
5.2.5. The Client may request transferring their data, provided to the Administrator, in a structured, commonly used, machine-readable format. The received data can be passed on to a chosen Administrator. In addition, if it is technically possible, while maintaining appropriate security standards, we may transfer data to another Administrator on your behalf.
5.3.6. When the processing of your data by the Administrator is based on a legitimate interest, you may object to such processing;
5.3.7. Each person also has the right to lodge a complaint [in Poland - the President of the Office for Personal Data Protection (until May 25, 2018 called the Inspector General for Personal Data Protection)].
If you believe that the processing of your personal data violates your rights - please inform us about it: firstname.lastname@example.org. We try to respond to the comments and suggestions of our Users and, above all, to respect their rights.
5.3. In order to obtain the rights referred to above, the Client can use the options available on their Account (this option applies only and exclusively to Clients who have an account), or by sending an appropriate message by e-mail to the following address: email@example.com or in writing to the Administrator's address.
5.3.1 The documents regarding data processing can be submitted in the following form:
- in writing to the following address: Novabrands., Bl.Czeslawa 37 Str, 44-100 Gliwice, Poland
- by e-mail to the following address: firstname.lastname@example.org.
The message should, if possible, precisely indicate the matter of the request, i.e.”
- what permission the person submitting the application wants to obtain/withdraw (the right to receive a copy of the data, the right to delete the data, etc.);
- what the request concerns (using a specific service, receiving the newsletter on a specific email address, etc.);
- what processing purposes the request concerns (e.g. marketing, analytics, etc.).
5.3.2. A response to requests will be given within a month. If it is necessary to extend this deadline, the Administrator will inform the applicant about the reasons of such extension.
5.3.3. The answer will be provided to the e-mail address from which the request was sent, and in the case of letters - sent by regular mail to the address provided by the applicant, unless the content of the letter indicates the desire to receive feedback by e-mail (in this case, please indicate so).
5.4. The Client has the right to lodge a complaint with a supervisory body [in Poland - the President of the Office for Personal Data Protection (until May 25, 2018 called the Inspector General for Personal Data Protection)].
6. PERSONAL DATA SAFETY
6.2. The administrator uses technical and organizational measures to ensure the protection of personal data being processed - different according to the threats and categories of data to be protected, and in particular, protects data from revealing it to unauthorized persons, processing it, violating regulations, or changing, losing, damage, or destruction of the data.
6.3. The administrator provides the following technical measures to prevent people from acquiring and modifying the data:
Protection against unauthorized access:
6.3.1. Securing the data set against unauthorized access.
6.3.2. SSL certificate.
6.3.3. Access to the Account only after providing an individual login and password.
6.3.4. In order to ensure the integrity and confidentiality of data, the Administrator has implemented procedures allowing access to personal data only by authorized persons and only to the extent that it is necessary due to the tasks performed by them.
6.3.5. The administrator applies organizational and technical solutions to ensure that all operations on personal data are registered and performed only by authorized persons.
6.3.6. In addition, the Administrator undertakes all necessary actions to ensure that its subcontractors and other cooperating entities guarantee appropriate security measures whenever they process personal data at the request of the Administrator.
6.3.6. The administrator conducts regular risk analysis and monitors the adequacy of data security according to the identified threats. If necessary, the Administrator implements additional measures to increase data security.
6.4. The Administrator will not transfer the personal data of the Customer to third countries, except when the customer selects the PayPal online payment system option, which is owned by PayPal (Europe) S.a.r.l. et Cie, S.C.A, which might result in transferring the data to the US, where the company has its headquarters - PayPal Inc.