1. General provisions
2. The terms used in the policy mean:
- Service: on-line shop www.sklep.enger.pl
- User: entity using the Service;
- Owner: Robert Kwiecień, ul. Zagrody 25, 32-200, running a business as the ENGER company Robert Kwiecień, registered in the Central Register and Information on Business Activity, NIP: 6591047490, Regon: 351189474, electronic address firstname.lastname@example.org;
- Cookies: text files sent by the Website and saved on the User’s end device, which the User uses while browsing the website. The files contain the information necessary for the proper functioning of the service. Cookies usually include the domain name of the Internet service from which they originate, the length of time they are stored on the end device, and the number.
3. The policy aims in particular at:
- ensuring the protection of users’ privacy to the standards and requirements of applicable laws.
4. The owner shall limit the collection and use of information relating to users to the minimum necessary for the provision of services to them.
5. To gain full access through the Service to the content and services offered by the Owner, it is advisable to accept the rules resulting from the Policy. Acceptance can be made by using the software settings installed on the device that is used or by configuring the service.
6. The following legal provisions, among others, apply:
- Telecommunications Law Act of 16 July 2004 (J L 2019.2460 i.e., as amended);
- Act of 18 July 2002 on the provision of electronic services (J L. 2020.344 i.e. as amended);
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016) together with the Polish legislation on personal data protection (hereinafter: ‘Regulation’);
- Law of 10 May 2018 on the protection of personal data (OJ 2019, it 1781).
2. Protection of privacy and personal data
1. Data concerning the Users are processed by the Owner following the law. The personal data of the Users obtained by the owner shall be processed based on the consent given by the User or of any other reason for the processing of the data following the rules, in particular the Regulation.
2. The owner shall exercise special care to protect the interests of the data subject and in particular, shall ensure that the data are:
- processed lawfully, fairly and transparently for the Clients and other data subjects;
- collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
- adequate, appropriate and limited to what is necessary for the purposes for which they are processed;
- correct and updated as necessary;
- kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed;
- processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organisational measures,
3. The owner shall take appropriate technical and organisational measures to ensure the protection of personal data processed, appropriate to the nature, scope, context and purpose of the processing, and the risk of infringement of the rights or freedoms of individuals.
4. The Owner strives to systematically modernise the IT, technical and organisational measures for the protection of such data, in particular, the Owner shall ensure that the IT protection measures are updated to protect against viruses, unauthorised access and other threats resulting from the operation of the IT system and telecommunications networks.
5. Apart from other cases arising from legal regulations, the Owner may process the following personal data of the Customer necessary to establish, shape the content, amend or terminate the contract:
1) Customer’s name and forenames;
2) the permanent address of residence;
3) address for correspondence, if different from the address of residence;
4) Customer e-mail addresses;
5) telephone number;
6. The owner may process, with the consent of the Customer and for advertising, market and customer behaviour and preferences research, the results of such research to improve the quality of the services, other data relating to Customer which is not necessary for the provision of the Service by electronic means.
7. Each User who has made his or her data available to the Owner in any way shall be granted access to the data and exercise other rights by the data subjects following the applicable legal provisions, including those persons:
- the right to withdraw consent on the processing of personal data;
- the right to information concerning their data;
- the right to control the processing of data, including their completion, updating, rectification and erasure;
- the right to object to or to restrict processing;
5) the right to complain to the supervisory authority and to use other legal means to protect their rights.
8. The owner may process personal data in an automated manner, including through profiling, under the terms of the Regulation. In this case, the owner’s actions are intended to serve as marketing purposes or to customize messages sent to users (including matching the information to the User’s needs or expectations). The User has the right to object to such processing of data, which may be expressed by sending a message to the address of the owner.
9. A person who has access to personal data shall process it only under the authority of the owner or under the agreement to entrust the processing of personal data and only at the request of the owner.
10. In connection with the activity of the Service, the Owner uses the services of other entities, including to execute the agreement with the User. Users’ data may be transferred to:
1) hosting company,
2) Service software suppliers,
3) internet service providers,
4) companies providing courier or postal services,
5) providers of electronic payment platforms,
5) providers of invoicing software
6) entities providing accounting services;
7) marketing or advertising service providers.
2. Cookies are used to:
- adapt the content of the service to preferences and to improve the quality of service.
- optimize the use of the service, in particular by identifying the end-user device,
- the production of statistics,
- maintain user’s session
- provide the User with advertising content.
3. The owner processes statistical information about the use of the service, including session information, IP number, time spent on individual pages and sub-pages, use of individual service functionality, device information, and web browser information. Such data shall be processed following Article 6(1)(f) of the Regulation in the legitimate interest of the controller to facilitate the use of the service, to improve the quality and functionality of the services provided, and the processing of such data shall be without prejudice to the rights and freedoms of users. Information about users is not used for any additional purposes.
4. This data shall be processed as part of the owner’s current activities, but not more than 60 days after receipt of the information. After this time, the Owner may further process general statistical data, which will be deprived of any information concerning individual Users.
5. Please note that in some cases, the software installed by the User on the terminal device, used for browsing websites (e.g. a web browser) introduces a default storage of Cookies in the User’s terminal device. Users can change the Cookies settings at any time. These settings can be changed, among other things, to block automatic settings of Cookies or to inform on their placement in the end-users device. Detailed information about the possibilities and ways of handling cookies are available in the software settings (browser).
7. Changing the settings is an objection that may cause inconvenience in using the Website in the future. Disabling the option of accepting Cookies allows the User to view the website content except when it is required to log in to access it.
8. Leaving the settings unchanged means that the data will be placed in the User’s final device (using the Website will cause automatic placement of cookies in the User’s final device).
9. Cookies are stored on users’ devices for a maximum of 12 months.
10. The stored data placed in the User’s end device do not cause any configuration changes in the User’s end device or the software installed in that device.
11. The information on Cookies also applies to other similar technologies used in the Service.
1. Claims can be submitted to the owner in electronic form at email@example.com.
2. There is a possibility of using out-of-court ways of handling complaints and pursuing claims in legal relations with Consumers, including:
1) Electronic dispute resolution via ODR (online dispute resolution), available at https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home2.show&lng=PL
2) the possibility of arbitration proceedings before a common court or other authorities.
3. The owner undertakes to deal with the complaint within 14 days.
4. If the complaint is acknowledged, the Owner will take appropriate action.
5. To process the complaint, the owner shall process the data of the users submitting the complaint, in particular the e-mail address, name, content of the complaint, circumstances of the complaint, information obtained during the complaint handling process, including an explanation of the incident that caused the complaint. In the course of processing the complaint, the Owner may process some other information, including information about the User’s use of the Services, cookies or other similar technologies, information about devices. These data are processed following Article 6 (1) (b) of the Regulation to deal with the complaint and are processed for the time necessary to deal with the complaint and after the complaint procedure has been completed for archiving purposes following the Accounting Act, in the event of defence against possible claims against the service provider.
6. Where an investigation is initiated for possible breach of the provisions of the Regulations, Policy or law, rules of social coexistence or good manners, the Owner may process the User’s data until the end of the pending proceedings and until the expiry of the limitation period for claims, which usually amounts to 3 years, but in special cases provided for by law it may be longer. The data will then be processed, including those made available following Article 6(1)(f) of the Regulation, i.e. in the controller’s legitimate interest in pursuing its claims against the User. The legitimate interest of the controller will then take precedence over the rights and freedoms of the user.
5. Final provisions
1. The policy was adopted by order of the Owner and enters into force on 10.04.2020.
2. Any deviation from the Policy must be made in writing under pain of nullity.
3. The law applicable to the Policy is the law of the Republic of Poland.
4. In matters not covered by the Policy, the relevant legal provisions shall apply.