Privacy Policy

1. GENERAL PROVISIONS

  1. The Controller of personal data collected via the online Store at www.swiecznikiozdobne.pl is OZDOBNE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, entered into the Register of Entrepreneurs by the DISTRICT COURT IN TORUŃ, VII COMMERCIAL DIVISION OF THE NATIONAL COURT REGISTER under KRS number: 0001075067, with a share capital of: 5,000.00 PLN, place of business and address for service: ul. Zbożowa 43/48, 87-100 Toruń, NIP (Tax Identification Number): 9562389114, REGON (National Business Registry Number): 527189771, e-mail address: sklep@swiecznikiozdobne.pl, telephone number: +48 791 304 999, hereinafter referred to as the “Controller,” who is also the “Service Provider.”
  2. Personal data collected by the Controller through the website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR.”
  3. Any words or expressions written with a capital letter in this Privacy Policy shall be understood in accordance with their definition contained in the Terms and Conditions of the www.swiecznikiozdobne.pl online Store.

2. TYPE OF PERSONAL DATA PROCESSED, PURPOSE, AND SCOPE OF DATA COLLECTION

  1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes the personal data of the Service Recipients of the www.swiecznikiozdobne.pl Store in the case of:
    1. Account registration in the Store, for the purpose of creating an individual account and managing that Account, based on Article 6(1)(b) of the GDPR (performance of a contract for the provision of electronic services in accordance with the Store’s Terms and Conditions).
    2. Placing an Order in the Store, for the purpose of executing a Sales Agreement, based on Article 6(1)(b) of the GDPR (performance of a sales agreement).
    3. Using the Opinion System, to enable the Customer to express their opinion about the Product purchased in the Store and the Sales Agreement concluded with the Seller, based on Article 6(1)(f) of the GDPR (legitimate interest of the entrepreneur).
  2. TYPE OF PERSONAL DATA PROCESSED. The Service Recipient provides, in the case of:
    1. Account: e-mail address.
    2. Order: first and last name, address, NIP (Tax Identification Number), e-mail address, telephone number.
    3. Opinion System: first and last name, e-mail address.
  3. PERIOD OF PERSONAL DATA ARCHIVING. The personal data of Service Recipients is stored by the Controller:
    1. Where the basis for data processing is the performance of a contract, for as long as it is necessary to perform the contract, and thereafter for a period corresponding to the statute of limitations for claims. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
    2. Where the basis for data processing is consent, for as long as the consent is not withdrawn, and after its withdrawal for a period of time corresponding to the statute of limitations for claims that the Controller may raise and that may be raised against the Controller. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
  4. When using the Store, additional information may be collected, in particular: the IP address assigned to the Service Recipient’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
  5. After giving separate consent, based on Article 6(1)(a) of the GDPR, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes – in connection with Article 398(1) and (2) of the Act of 12 July 2024 – Electronic Communications Law, including those targeted as a result of profiling, provided the Service Recipient has given the appropriate consent.
  6. Navigational data may also be collected from Service Recipients, including information about links and references they decide to click on or other actions taken in the Store. The legal basis for such activities is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting of facilitating the use of services provided electronically and improving the functionality of these services.
  7. Providing personal data by the Service Recipient is voluntary.
  8. The Controller takes special care to protect the interests of the data subjects and, in particular, ensures that the data collected by him is:
    1. processed lawfully,
    2. collected for specified, legitimate purposes and not subjected to further processing inconsistent with those purposes,
    3. factually correct and adequate in relation to the purposes for which it is processed, and stored in a form that allows for the identification of the persons to whom it relates for no longer than is necessary to achieve the purpose of the processing.

3. SHARING OF PERSONAL DATA

  1. The personal data of Service Recipients is transferred to service providers used by the Controller in running the Store, in particular to:
    1. entities delivering the Products,
    2. payment system providers,
    3. opinion survey system providers,
    4. an accounting office,
    5. a hosting provider,
    6. a software provider enabling business operations,
    7. entities providing a mailing system,
    8. a software provider needed to run the online store.
  2. Service providers (referred to in point 1 of this paragraph) to whom personal data is transferred, depending on contractual arrangements and circumstances, are either subject to the Controller’s instructions as to the purposes and methods of processing this data (processors) or determine the purposes and methods of its processing themselves (controllers).
  3. The personal data of Service Recipients is stored exclusively within the European Economic Area (EEA), subject to §5 point 5 and §6 of the Privacy Policy.

4. THE RIGHT TO CONTROL, ACCESS, AND CORRECT ONE’S OWN DATA

  1. The data subject has the right to access their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  2. Legal basis for the Service Recipient’s request:
    1. Access to data – Article 15 of the GDPR.
    2. Rectification of data – Article 16 of the GDPR.
    3. Erasure of data (the so-called right to be forgotten) – Article 17 of the GDPR.
    4. Restriction of processing – Article 18 of the GDPR.
    5. Data portability – Article 20 of the GDPR.
    6. Objection – Article 21 of the GDPR.
    7. Withdrawal of consent – Article 7(3) of the GDPR.
  3. To exercise the rights referred to in point 2, a relevant e-mail message can be sent to the address: sklep@swiecznikiozdobne.pl.
  4. In the event that a Service Recipient exercises a right resulting from the above rights, the Controller shall fulfill the request or refuse to fulfill it immediately, but no later than within one month of its receipt. However, if – due to the complex nature of the request or the number of requests – the Controller is unable to fulfill the request within one month, it will do so within the next two months, informing the Service Recipient in advance, within one month of receiving the request, about the intended extension of the deadline and its reasons.
  5. If it is determined that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.

5. “COOKIES” FILES

  1. The Controller’s website uses “cookies.”
  2. The installation of “cookies” is necessary for the proper provision of services on the Store’s website. “Cookies” contain information necessary for the proper functioning of the website, and they also provide the opportunity to compile general statistics of website visits.
  3. The website uses two types of “cookies”: “session” and “persistent.”
    1. “Session” cookies are temporary files that are stored on the Service Recipient’s end device until they log out (leave the site).
    2. “Persistent” cookies are stored on the Service Recipient’s end device for the time specified in the parameters of the “cookies” or until they are deleted by the Service Recipient.
  4. The Controller uses its own cookies to better understand how Service Recipients interact with the content of the site. The files collect information about the way the website is used by the Service Recipient, the type of site from which the Service Recipient was redirected, and the number of visits and the time of the Service Recipient’s visit to the website. This information does not record specific personal data of the Service Recipient but is used to compile statistics on the use of the site.
  5. The Controller also uses external cookies to collect general and anonymous statistical data through the analytical tools of Google Analytics (external cookie controller: Google LLC, based in the USA).
  6. Cookies may also be used by advertising networks (in particular the Google network) to display ads tailored to the way the Service Recipient uses the Store. For this purpose, they may store information about the Service Recipient’s navigation path or the time spent on a particular page.
  7. The Service Recipient has the right to decide on the access of “cookies” to their computer by:
    1. selecting the types of cookies they consent to have collected right after entering the Store’s website when the cookie notice appears,
    2. changing the settings in their browser window. Detailed information about the possibilities and methods of handling “cookies” is also available in the software settings (web browser).

6. ADDITIONAL SERVICES RELATED TO USER ACTIVITY IN THE STORE

  1. The Store uses so-called social plugins (“plugins”) from social networking sites. When displaying the website www.swiecznikiozdobne.pl, which contains such a plugin, the Service Recipient’s browser will establish a direct connection with the servers of Facebook, Instagram, Pinterest, and Google.
  2. The content of the plugin is transmitted by the respective service provider directly to the Service Recipient’s browser and integrated with the page. Thanks to this integration, the service providers receive information that the Service Recipient’s browser has displayed the www.swiecznikiozdobne.pl page, even if the Service Recipient does not have a profile with that service provider or is not currently logged in. This information (along with the Service Recipient’s IP address) is sent by the browser directly to the server of the respective service provider (some servers are located in the USA) and stored there.
  3. If the Service Recipient logs into one of the above social networking sites, the service provider will be able to directly associate the visit to www.swiecznikiozdobne.pl with the Service Recipient’s profile on that social networking site.
  4. If the Service Recipient uses a given plugin, e.g., by clicking the “Like” button or the “Share” button, the relevant information will also be sent directly to the server of the respective service provider and stored there.
  5. The purpose and scope of data collection and its further processing and use by the service providers, as well as the possibility of contact and the Service Recipient’s rights in this regard and the possibility of making settings to protect privacy, are described in the privacy policies of the service providers:
  6. If the Service Recipient does not want social networking sites to associate the data collected during visits to www.swiecznikiozdobne.pl directly with their profile on a given site, they must log out of that site before visiting www.swiecznikiozdobne.pl. The Service Recipient can also completely prevent plugins from loading on the page by using appropriate extensions for their browser, e.g., script blocking with “NoScript.”
  7. The Controller uses remarketing tools on its website, i.e., Google Ads. Their use involves the use of cookies from Google LLC related to the Google Ads service. Within the mechanism for managing cookie settings, the Service Recipient has the option to decide whether the Service Provider can use Google Ads (external cookie controller: Google LLC, based in the USA) in relation to them.

7. FINAL PROVISIONS

  1. The Controller applies technical and organizational measures to ensure the protection of the processed personal data, appropriate to the threats and categories of data protected, and in particular, secures the data against its disclosure to unauthorized persons, seizure by an unauthorized person, processing in violation of applicable laws, and alteration, loss, damage, or destruction.
  2. The Controller provides appropriate technical measures to prevent the acquisition and modification by unauthorized persons of personal data transmitted electronically.
  3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.