1. GENERAL PROVISIONS
1.2. The administrator of the personal data collected through the Online Store is the company AVA Ltd. based in Bialystok (registered office and address for delivery: 34A General Francis Kleeberg St., Bialystok 15-691); entered in the Register of Business Entities of the National Court Register under the National Court Register Number (KRS): 0000118196; the register court, where the company's documentation is kept: District Court in Bialystok, XII Economic Division of the National Court Register; share capital of PLN 50,000.00; Tax Identification Number (NIP): 5422453726; National Business Registry Number (REGON): 008125304; e-mail address: firstname.lastname@example.org, contact phone number: +48 85 744 59 83, and fax number: +48 85 744 59 83 - hereinafter referred to as the "Administrator" and being at the same time the Online Store Service Provider and the Seller.
1.3. The personal data of the Service Recipient and the Client are processed in compliance with the General Data Protection Regulation of 27 April 2016. (Official Journal of the EU L 119 of 04.05.2016) (hereinafter: RODO) and the Act on the Provision of Electronic Services of 18 July 2002 (Journal of Laws 2002 No. 144, item 1204, as amended).
1.4. The Administrator undertakes the utmost care to protect the interests of data subjects, and in particular ensures that the collected data are processed lawfully; collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes; factually correct and relevant to the purposes for which they are processed; and stored in a form which enables the identification of data subjects for no longer than is necessary to achieve the purpose of the processing.
1.5. All of the words, phrases, and acronyms appearing on this website and which begin with a capital letter (e.g. Seller, Online Store, Electronic Service) shall be construed following their definitions contained in the Rules and Regulations of the Online Store available on the pages of the Online Store.
2. PURPOSE AND SCOPE OF DATA COLLECTION AND DATA RECIPIENTS
2.1 In each instance, the purpose, scope, and recipients of the data processed by the Administrator result from the actions taken by the Service Recipient or the Customer in the Online Store. For example, if the Customer chooses personal pick-up instead of courier delivery when placing an Order, his or her personal pick-up will be processed for the purpose of concluding and implementing the Sales Agreement, but will no longer be made available to the carrier carrying out the delivery on behalf of the Administrator.
2.2. Potential purposes for the collection of personal data of Service Recipients or Customers by the Administrator:
2.2.1. Concluding and performing the Sales Agreement - based on Article 6(1)(b) RODO. Providing personal data is voluntary, however, failure to do so will result in the inability to place orders. Personal data provided for this purpose will be retained for a period of 6 years.
2.2.2. Direct marketing of the Administrator's own merchandise or services - based on Article 6(1)(f) RODO. Providing personal data is voluntary. The personal data provided for this purpose will be retained until you express your objection or the business grounds cease to exist.
2.2.3. Maintaining a Customer Account - based on Article 6(1)(b) RODO. Providing personal data for this purpose is voluntary, however, failure to do so will result in the inability to maintain an account and place orders through it.
2.2.4. Collecting information related to the user's use of the Online Store (cookies) - based on Article 6(1)(f) of the General Data Protection Regulation of 27 April 2016 - more specifically for the purpose of maintaining the user's session (after logging in), thanks to which the user does not have to re-enter the Login and Password credentials on each sub-page of the Online Store, adapting and optimizing the Online Store to the needs of customers, creating statistics of viewing sub-pages of the Online Store, ensuring safety and reliability of the functioning of the Online Store.
2.2.5. Collecting feedback related to the quality of service and the goods supplied - based on Article 6(1)(f) of the General Data Protection Regulation of 27 April 2016. The data processed in this respect will be processed until the business grounds cease to exist or until you express your objection, and request the deletion or restriction of the processing at any time. To exercise the aforementioned rights, please send an e-mail to: email@example.com.
2.2.6. Marketing of merchandise or services of the Administrator's partners - based on Article 6(1)(a) RODO. Providing personal data is voluntary. The personal data provided for this purpose will be retained until you express your objection or the business grounds cease to exist.
2.3. Possible recipients of Customers' personal data in the Online Store:
2.3.1. In the case of a Customer who uses postal or courier delivery services in the Online Store, the recipient of the Customer's personal data is the selected carrier or middleman performing the delivery on behalf of the Administrator.
2.3.2. In the case of a Customer who uses the electronic or credit card payment method in the Online Shop, the recipient of the Customer's personal data is the selected entity handling the aforementioned payments in the Online Store.
2.3.3. Some other recipients of personal data may be: the website hosting provider, the company providing marketing services to the Administrator, the software provider used to send marketing information, customer feedback servicers, and the Administrator's business partners.
3. COOKIES AND USAGE DATA
3.1. Cookies are small pieces of information in the form of text files that are sent by a server and stored on the website of the Online Store (e.g. on the hard drive of a computer, laptop, or smartphone memory card - depending on the device used by the visitor to our Online Store). You can find detailed information on cookies, as well as the history of their creation, inter alia, here: http://pl.wikipedia.org/wiki/Ciasteczko.
3.2. The Administrator may process the data stored in Cookies when visitors use the website of the Online Store for the following purposes:
3.2.1. identifying the Service Recipients as logged in to the Online Store and showing that they are logged in;
3.2.2. memorizing the Products which have been added to the shopping basket for the purpose of placing an Order;
3.2.3. memorizing data from completed Purchase Order Forms, surveys, or login data to the Online Store;
3.2.4. customizing the content of the Online Store's website to the individual preferences of the Service Recipient (e.g. regarding colors, font size, page layout) and optimizing the use of the Online Store's pages;
3.2.5. keeping anonymous statistics depicting the use of the website of the Online Store.
3.5. Detailed information on how to change the Cookie settings and how to delete them yourself in the most popular web browsers is available in the help section of your browser and on the following pages (just click on the corresponding link):
3.6. The Administrator also processes anonymized usage data related to the use of the Online Store (so-called logs - IP address, domain) to generate statistics helpful in administering the Online Store. This data is of an aggregate and anonymous nature, i.e. it does not contain any identifying details of the persons visiting the website of the Online Store. The logs are not divulged to third parties.
4. BASIS FOR DATA PROCESSING
4.1. Providing personal data by the Service Recipient or the Customer is voluntary, although failure to provide the personal data indicated on the website of the Online Store and in the Regulations of the Online Store necessary to conclude and perform a Sales Agreement or an agreement for the provision of Electronic Services shall result in the lack of possibility to conclude such an agreement.
4.2. The basis for the processing of the Service Recipient's or Customer's personal data is the necessity to perform the contract to which he or she is subject or to take action at his or her request before concluding the contract. In the case of data processing for the purpose of direct marketing of the Administrator's own merchandise or services, the basis for such processing is (1) the prior consent of the Service Recipient, or Client or (2) the fulfillment of the legitimate purposes pursued by the Administrator (based on Article 23(4) RODO, a legitimate purpose is considered to be, in particular, direct marketing of the Administrator's own merchandise or services).
4.3. In the case of data processing for the purpose of expressing the Customer's opinion on a concluded Sales Agreement, the basis for such processing is the consent of the Service Recipient or the Customer.
5. THE RIGHT TO CONTROL, ACCESS AND RECTIFY YOUR DATA
5.1. The Service Recipient or Customer has the right to access and correct the content of his or her personal data.
5.2. Every person has the right to control the processing of data concerning them retained in the Administrator's data set, and in particular the right to request supplementation, updating, rectification, temporary or permanent suspension of its processing or its removal, if the data are incomplete, outdated, inaccurate or have been collected in violation of the Act or are no longer necessary to achieve the purpose for which they were collected.
5.3. If the Service Recipient or the Customer grants permission to the processing of data for the purpose of direct marketing of the Administrator's own merchandise or services, the consent may be revoked at any time.
5.4. If the Administrator intends to process or processes the data of the Service Recipient or Customer for the purpose of direct marketing of the Administrator's own merchandise or services, the data subject is also entitled to (1) submit a written, reasonable request to stop processing his or her data due to his or her particular situation, or to (2) object to the processing of their data.
6. FINAL PROVISIONS
6.2. The Administrator uses technical and organizational efforts to ensure the protection of processed personal data relevant to the threats as well as categories of data that are protected, and in particular protects data against unauthorized access, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.
6.3. The Administrator provides the following technical measures to prevent unauthorized persons from acquiring and altering personal data sent electronically:
6.3.1. Securing the data set against unauthorized access.
6.3.2. Access to the Account only after entering a personal login and password.