Let me begin with some preliminary information.
- The owner of the Website and at the same time it’s Administrator is Agnieszka Śmiałkowska (namely me :))
- In all matters concerning your privacy you can contact me directly at firstname.lastname@example.org
- Please keep in mind that subscribing to my Pretty Simple Newsletter, placing and order at my Website or getting in contact with me via any of the possible ways stated at the Website you provide me with your personal data. I’m obliged to make every possible effort to keep your personal data safe, confidential and have not been made available to third parties, if you do not consent to it.
Ok, that’s being said, let us begin!
§ 1 The rights of individuals in relation to their personal data.
- I would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access – you have the right to get confirmation of the fact of processing your personal data from the Administrator. You have the right to obtain information what personal data are being processed and how your personal data are used;
- The right to receive a copy of your personal data – you can request a copy of the data being processed. First copy is prepared for free;
- The right to rectification – you can request for correction of any information you believe is inaccurate and for completing any information you believe is incomplete;
- The right to erasure – also called the right to being forgotten, if the Administrator have no longer any grounds for processing of your data or in case when your personal data are no longer necessary for processing you can request deleting them;
- The right to restrict processing – you can request restricting of processing of your personal data in any case when you f.e. question the correctness of the personal data or the processing is unlawful;
- The right to data portability – you have the right to obtain your personal data that you’ve provided for the Administrator and to transfer them to another administrator of personal data selected by you personally or to ask the Administrator for transferring of your personal data to the new administrator on your behalf;
- The right to object – you can object to your personal data being processed at any time for reasons connected with your specific situation;
- The right to issue a complain to the relevant supervisory authority – if you find that I am processing your personal data unlawfully, you can submit a complaint to the President of the Personal Data Protection Office or another competent supervisory authority.
2. If you want to exercise the above-mentioned rights you should contact the administrator and inform her exactly what right and to what extend do you want to exercise.
§ 2 Type of data processed, purposes and legal basis.
- Your personal data are collected in the event of:
- Pretty Simple Newsletter subscription – in order to implement the newsletter service contract, which is provided electronically on the basis of the Store Regulations available on the Website. When subscribing to the newsletter, the Administrator processes the following data: name, e-mail address, subscription date and information about newsletter dispatch. The legal basis of Art. 6 sec. 1 lit. b GDPR.
- Placing an order – in order to implement the contract for the sale of products available on the Website, to include the invoice in the accounting documentation and for archival and statistical purposes, including the identification of a returning customer. The data you need to provide are your first and last name, billing address, e-mail address, telephone number (eventually tax identification number, if the contract is concluded in the course of the business). Providing this data is voluntary, but necessary to place an order. In case of refusal, it will not be possible to conclude a contract for the sale of products. Your data will also be stored after the performance of the contract. You cannot object to it, until the expiry of the limitation period for pursuing claims under the contract. The legal basis of Art. 6 sec. 1 lit. b, c GDPR.
- E-mail contact – in order to contact via e-mail. In the process of contacting me via e-mail or contact form you provide me with data such as: your e-mail address or/and the contents of the message and/or attachments you may send and any other information you may choose to provide me. Providing this data is voluntary but necessary to contact me. The legal basis of Art. 6 sec. 1 lit. f GDPR
- Account registration – in order to provide the account management service and its use, you must provide data such as an e-mail address and password. The account maintenance service is carried out on the basis of an agreement concluded on the terms described in the Store Regulations. You can decide to delete your account at any time, but remember that this does not automatically delete your data from the Administrator’s database, because I need this data for possible claims related to the contract for the provision of electronic services. The legal basis of Art. 6 sec. 1 lit. b GDPR.
- Comments/Feedback – by adding your comment on the blog or by adding your feedback on a product you provide me with your personal data such as your name and surname, e-mail address, the website address and the consent of the comment or feedback. In addition, the system records the IP address you used when adding a comment/feedback. This data is saved in the WordPress database and is stored throughout the life of the Website. In this case, your data is processed on the basis of your consent resulting from adding a comment/feedback. The data provided by you is processed solely for the purpose of publishing a comment on the blog or feedback on the webshop. Please note that both the comment/feedback and some data are visible on the blog/webshop.
- Complaints/Claims – in order to consider a complaint, I process the personal data of the individual issuing a complaint, in particular the e-mail address, name, content of the complaint, circumstances of the event giving rise to the complaint, information obtained in the course of considering the complaint, including explaining the event giving rise to it. In the course of considering the complaint, other information may be processed, such as name and surname, cookies, information about devices.
§ 3 Third parties that I’m sharing and entrusting your data and for how long the are stored.
- Your data is shared with and stored by service providers that I use to run my company, the website and online store. I entrust the processing of your personal data to the following entities:
- Laurus Sp. z o.o. with registered office at Klasztorna Street 26/3, 61-779 Poznań, Poland – for accounting processes and proceeding of invoices
- LH.pl Sp. z o.o. with registered headquarter at Poznań, Poland – in order to store the data on server
- MailerLite Limited at Ireland and MailerLite Inc. at the United States – in order to use the mailing system
- Courier companies: DHL Parcel Polska Sp. z o.o., Poczta Polska S.A., PostNord AB and its group companies – in order to process the shipment and delivery of goods
- LH.pl Sp. z o.o. with registered headquarter at Poznań, Poland as an entity providing services in the field of website maintenance – this entity may access your data in connection with technical works related to those areas in which data is processed.
- Due to the use of the MailerLite mailing system, which uses servers located outside the European Union, your personal data is transferred to a third country, in this case the United States of America (USA). However, your data is safe, as the supplier of the mailing system guarantees an appropriate level of protection and security of personal data.
- Your personal data is stored and processed by me until the consent is revoked, and after revocation of consent for a period of time corresponding to the period of limitation of claims that may be incurred by my business and which may be raised against you. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
- The Website uses small files, called cookies. Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by my ICT system.
- Cookies are used f.e. to maintaining the proper functioning of the Website, improving the speed and security of using the Website as well as using analytical or marketing tools.
- The Website uses two types of cookies files:
- Session cookies: information that is stored in the browser’s memory until the end of the browser session, i.e. until the browser is closed. These cookies are essential for some of the Website’s functionalities to function properly.
- Persistent cookies: thanks to these cookies using of the Website is easier for you (f.e. they help to remember your chosen screen resolution, content layout etc.). These cookies can be used for different purposes like helping to remember your settings, preferences and choices while using the Website. These cookies are are stored in the memory of the browser for a longer period of time.
- The Website www.pretty-simple.eu uses its own cookies for the purposes of analysis and research as well as audience audit, and in particular to create anonymous statistics that help to understand how you use the website, which allows improving its structure and content.
- The Website www.pretty-simple.eu uses external cookies called third-parties cookies in order to:
- Popularization of the website using social networking sites such as Facebook or Instagram (external cookie administrator Facebook Inc based in the USA or Facebook Ireland based in Ireland)
- Collecting general and anonymous statistical data via the analytical tools of Google Analytics (external cookie administrator Google Poland sp.z o.o.based in Warsaw).
- The cookie mechanism is safe for your computer. In particular, it is not possible for viruses or other unwanted software to enter your computer in this way.
- Server logs – using the Website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs. Logs include Your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server. The data stored in the server logs are not associated with specific people using the Website and are not used by me to identify you. The server logs are only auxiliary material used to administer the website and their content is not disclosed to anyone except those authorized to administer the server.
§ 5 President of the Personal Data Protection Office.
- You have the right to issue a complaint to the relevant supervisory authority, which in this case in Poland is the President of the Personal Data Protection Office with registered headquarters in Warsaw, ul. Stawki 2, who you can contact as follows:
- By letter: ul. Stawki 2, 00-193 Warszawa
- Via the electronic inbox available on the website https://www.uodo.gov.pl/pl/p/kontakt
- By phone: (22) 5310300
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (Journal of Laws No. UE L 2016 No. 119, p. 1).