PRIVACY POLICY |
|
1. |
This Privacy Policy defines the principles of processing of personal
data acquired via the online store at ecolore.eu
(hereinafter referred to as “the Online Store”).
|
|
2. |
The Website is owned by Dorota Fistek-Korbut who runs economic
activity under name Nobilus Dorota Fistek-Korbut seated in Tarnów, Poland (33-100), ul. Wodna 9, entered into
the Business Activity Central Register and Information Record kept by the Minister of Economy, NIP (tax
identification number): 9930269959, Regon (national business registry number): 121521870, hereinafter referred
to as Ecolore.eu. Dorota Fistek-Korbut is also the Personal Information Administrator.
|
|
3. |
Personal data collected by Ecolore.eu via the Online Store are
processed in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April
2016 on the protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter also
referred to as GDPR.
|
|
4. |
Ecolore.eu acts with utmost care to ensure privacy of the Customers,
who visit the Online Store.
|
Article 1 - Type of processed data, objectives and legal ground
|
|
1. |
Ecolore.eu collects information on natural persons performing legal
transactions, which are not related directly to their business activity, natural persons who run business or
professional activity in their own name and natural persons representing incorporated and unincorporated bodies,
which are assigned legal status by law, running business or professional activity in their own name, hereinafter
referred to together as Customers.
|
|
2. |
Personal data of Customers are collected in case of: |
|
a) |
registration of an account in the Online Store for the purpose of
establishment and management of an individual account. Legal grounds: processing is necessary for the
performance of a contract on establishment and management of an Account service (article 6 sec. 1 letter b
of GDPR);
|
|
b) |
placement of an order in the Online Store for the purpose of the
performance of a sales contract. Legal grounds: processing is necessary for the performance of
a sales contract (article 6 sec. 1 letter b of GDPR);
|
|
c) |
subscription of the Newsletter for the purpose of the performance of a contract
concerning a service rendered by electronic means. Legal grounds: consent of a data subject for
the performance of a contract concerning Newsletter service (article 6 sec. 1 letter a of GDPR).
|
|
3. |
During registration of an account in the Online Store, the Customer
shall provide:
|
|
a) |
e-mail address; |
|
b) |
name and surname; |
|
c) |
phone number. |
|
4. |
During registration of an account in the Online Store, the Customer
defines an individual access password to their account. The Customer may change an account later in compliance
with principles defined in Article 5.
|
|
5. |
When placing an order in the Online Store, the Customer shall provide
the following data:
|
|
a) |
e-mail address; |
|
b) |
address: |
|
a. |
postal code and town; |
|
b. |
country (state); |
|
c. |
street and street/flat number; |
|
d. |
voivodeship. |
|
c) |
name and surname; |
|
d) |
phone number. |
|
6. |
In case of Entrepreneurs, the above scope of data is additionally
extended to cover the following data:
|
|
a) |
Entrepreneur’s legal name; |
|
b) |
NIP (tax identification number). |
|
7. |
When using the Newsletter service, the Customer shall provide their
e-mail address only.
|
|
8. |
Additional information may be collected when the Customer uses the
Online Store Website, in particular an IP address assigned to the Customer’s computer or an external IP address
of your internet provider, domain name, type of a browser, access time, type of the operating system.
|
|
9. |
Also navigation data may be collected from the Customers, including
information on links and references they click or other activities undertaken by them in our Online Store. Legal
grounds- legitimate interests (article 6 sec. 1 letter f of GDPR) in form of facilitation of use of
services rendered by electronic means and improvement of functionality of such services.
|
|
10. |
To determine, exercise and enforce claims, come personal data provided
by the Customer when using functionalities of the Online Store may be provided, such as: name, surname,
information about use of services, if claims result from the manner of user of services by the Customer, other
data necessary to prove existence of claim, including the volume of suffered losses. Legal grounds-
legitimate interests (article 6 sec. 1 letter f of GDPR) in form of determination, exercising and enforcement of
claims and defence against claims in litigation and proceeding in front of other public authorities.
|
|
11. |
Personal data are provided to Ecolore.eu on voluntary basis in
relation to concluded sales contracts or services rendered via the Online Store Website, provided that, however,
without data specified in the data forms in the Registration process, Registration and establishment of a Customer
Account is not possible, and if orders are placed without Registration of Customer Account, placement and
fulfilment of Customer order will be impossible.
|
Article 2 - To whom are data disclosed or provided and how long are they stored?
|
|
1. |
Customer’s personal data are provided to providers of services used by
Ecolore.eu when operating the Online Store depending on contractual arrangements and circumstances, they are
either subject to Ecolore.eu’s instructions about manners and ways of data processing (processors) or they
define purposes and manners of processing on their own (data controllers).
|
|
a) |
Processors. Ecolore.eu uses services of providers processing
data on Ecolore.eu’s request only. They include for instance hosting providers, accounting services, providers
of marketing systems, systems of traffic analysis in the Online Store, systems for analysis of marketing
campaign efficiency;
|
|
b) |
Controllers. Ecolore.eu uses services of providers that do not
act on request only, but they define the objectives and manners of use of Customers’ personal data. They render
electronic payment and banking services.
|
|
2. |
Location. Providers of services have their registered offices
mainly in Poland and other countries of the European Economic Area (EEA).
|
|
3. |
Customers’ personal data are stored: |
|
a) |
If Customer’s personal data are processed on the basis of a consent,
they shall be processed by Ecolore.eu until the consent is not cancelled, and after cancellation of the consent
– for a period of time corresponding to the period of limitation of claims that may be raised by or against
Ecolore.eu. If it is not provided otherwise in a specific provision, period of limitation amounts to six
years, and in case of claims concerning periodical services or claims related to business activity – three
years;
|
|
b) |
If personal data are processed on the basis of execution of the
contract, then the Customers’ personal data shall be processed by Ecolore.eu as long, as it is necessary for
execution of the contract, and afterwards – for a period of time corresponding to the period of limitation
of claims. If it is not provided otherwise in a specific provision, period of limitation amounts to six
years, and in case of claims concerning periodical services or claims related to business activity – three
years.
|
|
4. |
In case of a purchase in the Online Store, personal data may
disclosed, at the Customer’s discretion, to the following entities for the purpose of delivery of ordered goods:
|
|
a) |
Courier company; |
|
b) |
InPost Paczkomaty Sp. z o.o. with registered office in Krakow
rendering services of delivery and operation of parcel box system (Paczkomaty);
|
|
c) |
Poczta Polska S.A. with registered office in Warsaw. |
|
5. |
If the Customer selects payment via PayU system, their personal data
are disclosed in the scope necessary for execution of payment to PayU S.A. with registered office in Poznań
(60-166), ul. Grunwaldzka 182, entered into the register of entrepreneurs kept by the District Court for the
Poznań - Nowe Miasto i Wilda in Poznań, 8th Economic Department of the National Court Register under
number KRS 0000274399.
|
|
6. |
Navigation data may be used in order to provide Customers with better
services, statistical data analysis and adjustment of the Online Store to Customer preferences and to operate
the Online Store.
|
|
7. |
If the Customer subscribes the Newsletter, Ecolore.eu shall send to
the Customer’s e-mail address electronic messages with commercial information about promotions and new products
available in the Online Store.
|
|
8. |
In case of a respective request, Ecolore.eu discloses personal
data to authorised state authorities, in particular to organisational units of the prosecutor’s office, the
Police, the Chairperson of the Personal Data Protection Office, the Chairperson of the Office of Competition and
Consumer Protection or the Chairperson of the Office of Electronic Communications.
|
Article 3 - Cookie files, IP address
|
|
1. |
The Online Store uses small files called cookies. They are stored by
Ecolore.eu on the terminal device of a visitor to the Online Store, if it is allowed by an Internet
browser. A cookie file contains usually a domain name, from which it originates, its “expiry time” and
individual randomly selected number that identifies such file. Information collected via such type of files
enables adjustment of Ecolore.eu products to individual preferences and actual needs of visitors to the Online
Store. It offers a possibility to prepare general statistics of visits of products presented in the Online
Store.
|
|
2. |
Ecolore.eu uses two types of cookie files: |
|
a) |
Session cookies: after end of a given session of a browser
or switch off of a computer they are deleted from computer memory. The mechanism of session cookies does
not enable collection of any personal data or confidential information from Customer’s computers;
|
|
b) |
Permanent cookies: are stored in the memory of Customer’s
terminal device and stay there until they are deleted or expire. The mechanism of permanent cookies does not
enable collection of any personal data or confidential information from Customer’s computers.
|
|
3. |
Ecolore.eu uses own cookies for the purpose of: |
|
a) |
authorisation of the Customer in the Online Store and ensuring
Customer’s session in the Online Store (after logging), thanks to which the Customer does not need to type in a login
and a password on every page of the Online Store;
|
|
b) |
analyses and studies, and audience measurement, in particular to
prepare anonymous statistics which support understanding of the manner of use of the Online Store Website by
Customers, which enables improvement of its structure and contents.
|
|
4. |
Ecolore.eu uses external cookies for the purpose of: |
|
a) |
presentation of the map with localisation of Ecolore.eu’s office on
the Online Store’s information pages by means of portal maps.google.com (controller of external cookies: Google
Inc with registered office in the US);
|
|
b) |
collecting general and anonymous statistical data by means of analytic
tools Google Analytics (controller of external cookies: Google Inc with registered office in the US);
|
|
c) |
Presentation of Reliable Regulation Certificate via website
rzetelnyregulamin.pl (external cookie controller: Rzetelna Grupa sp. z o.o. with registered office in
Warsaw).
|
|
5. |
The cookie mechanism is safe for computers of the Online Store
Customers. In particular, no viruses or other unwanted or malicious software may invade Customer computers this
way. Still, in their browsers Customers have a possibility to restrict or switch off access of cookie files
to computers. If such option is activated, the Online Store may be used save for functions that due to their
nature require cookie files.
|
|
6. |
Below we present how to change setting of popular internet browsers in
respect to cookie files:
|
|
a) |
Internet Explorer browser;
|
|
b) |
Microsoft EDGE browser;
|
|
c) |
Mozilla Firefox browser;
|
|
d) |
Chrome browser;
|
|
e) |
Safari browser;
|
|
f) |
Opera browser.
|
|
7. |
Ecolore.eu may store IP addresses of the Customers. IP address is a number
assigned to a computer of a visitor in the Online Store, by an internet provider. IP number enables
access to the Internet. In the majority of cases it is assigned dynamically to a computer, that is it
changes for each connection with the Internet, and that is why it is commonly treated non-personal identifying
information. IP address is used by Ecolore.eu for detection of technical problems with the server, preparation
of statistical analyses (e.g. determination, from what regions the majority of visitors come from), as
information helping with administration and improvement of the Online Store and for safety purposes and possible
identification of unwanted automatic programmes searching through the contents of the Online Store that load the
server.
|
|
8. |
The Online Store contains links and references to other websites.
Ecolore.eu shall not be held liable for privacy protection principles in force on such websites.
|
Article 4 - Rights of data subjects
|
|
1. |
The right to withdraw consent – legal ground: article 7 sec. 3
of GDPR.
|
|
a) |
The Customer has a right to withdraw consent granted to
Ecolore.eu.
|
|
b) |
Withdrawal of consent shall be effective as the time of withdrawal.
|
|
c) |
Withdrawal of consent shall not affect the lawfulness of processing
before its withdrawal.
|
|
d) |
Withdrawal of consent shall not entail any negative consequences for
the Customer, but may prevent them from further use of services of functionalities, which may be lawfully
provided by Ecolore.eu only upon consent of the Customer.
|
|
2. |
Right to object to personal data processing - legal ground:
article 21 of GDPR.
|
|
a) |
The Customer shall have the right to object, on grounds relating to
their particular situation, at any time to processing of personal data concerning them, including profiling, if
Ecolore.eu processes their data on the basis of a legitimate interest, such e.g. marketing of Ecolore.eu’s
products and services, statistic concerning use of individual functionalities of the Online Store and
facilitation of use of the Online Store, and Customer satisfaction surveys;
|
|
b) |
An e-mail resignation from marketing communications on products or
services will mean the Customer’s objection to processing of their personal data, including profiling for those
purposes;
|
|
c) |
If the Customer’s objection is reasonable and Ecolore.eu has no other
legal grounds to process personal data, the Customer’s personal data, whose processing has been objected by the
Customer, will be deleted.
|
|
3. |
Right to erasure (“right to be forgotten” ) - legal ground:
article 17 of GDPR.
|
|
a) |
The Customer has the right to demand erasure of all or some personal
data;
|
|
b) |
The Customer has the right to demand the erasure of some personal
data, if:
|
|
a. |
the personal data are no longer necessary in relation to the purposes
for which they were collected or processed;
|
|
b. |
the Customer has withdrawn consent in the scope in which personal data
have been processed on the basis of their consent;
|
|
c. |
the Customer has objected to use of their data for marketing
purposes;
|
|
d. |
the personal data are unlawfully processed; |
|
e. |
the personal data have to be erased for compliance with a legal
obligation in Union or Member State law to which Ecolore.eu is subject;
|
|
f. |
the personal data have been collected in relation to the offer
of information society services.
|
|
c) |
Despite of demand of erasure of personal data in relation to an
objection or withdrawal of consent, Ecolore.eu may retain some full personal data in the scope, in which
processing is necessary for determination, claiming or defence against claims, and for fulfilment of the legal
obligation requiring data processing under the legislation of the European Union or a Member State to which
Ecolore.eu is subject. It refers in particular to: name, surname, e-mail address, which are retained for the
purpose of examination of complaints and claims related to use of Ecolore.eu services, or additionally an
address of residence/ correspondences, order number, which are retained for the purpose of examination of
complaints and claims related to concluded sales agreements or service agreements.
|
|
4. |
Right to restriction of processing- legal ground: article 18 of
GDPR.
|
|
a) |
The Customer shall have the right to obtain from the controller
restriction of their personal data processing. Submission of such demand, until its examination, prevents the
use of specified functionalities or services, the use of which would be related with processing of personal data
subject to such demand. Moreover, Ecolore.eu will not send any message, including marking communications.
|
|
b) |
The Customer shall have the right to demand restriction of their
personal data processing in the following cases:
|
|
a. |
When they contest the acccuracy of their personal data; then
Ecolore.eu shall restrict their use for a period enabling verification of the accuracy of the personal
data, but no longer than for 7 days;
|
|
b. |
When data processing is unlawful and the Customer demands restriction
of their use instead of their erasure;
|
|
c. |
When personal data are no longer necessary for the purposes of their
collection or use, but they are needed by the Customer in order to determine, exercise or defend claims;
|
|
d. |
When the Customer objected to proceeding of their data- then the
restriction is introduced for a period necessary to consider whether, due to exceptional circumstances –
protection of the Customer’s interests, rights and freedoms prevails over the interests, which are exercise by
the Controller when proceeding Customer’s personal data.
|
|
5. |
Right of access to data - legal ground: article 15 of GDPR.
|
|
a) |
The Customer shall have the right to obtain a confirmation from
the Controller, whether or not it processes personal data, and if yes, the Customer shall have the right to:
|
|
a. |
obtain access to their personal data; |
|
b. |
obtain information on the purposes of the processing, the categories
of processes personal data, the recipients or categories of recipients of such data, the envisaged period for
which the personal data will be stored or the criteria used to determine that period (if determination of the
planned period of data processing is not possible), on Customer’s rights under the GDPR and the right to lodge a complaint
with a supervisory authority, on the source of such data, automated decision-making, including profiling
and security devices applied due to the transfer of such data outside the European Union;
|
|
c. |
obtain copies of their personal data. |
|
6. |
Right to rectification - legal ground: article 16 of GDPR |
|
a) |
The Customer shall have the right to obtain from the Controller
without undue delay the rectification of inaccurate personal data concerning the Customer. Taking into account
the purposes of the processing, the Customer shall have the right to have incomplete personal data completed,
including by means of providing a supplementary statement, sending the respective request to the e-mail
address in compliance with Article 6 of the Privacy Policy.
|
|
7. |
Right to data portability- legal ground: article 20 of GDPR.
|
|
a) |
The Customer shall have the right to obtain their personal data, which
were provided to the Controller, and then to send them to another data controller selected by the Customer. The
Customer shall have the right to demand that such personal data are sent directly by us to another data
controller, if this is technically feasible. In such case the Controller shall sent the Customer’s personal data
in a csv file, which is a commonly used machine-readable format, allowing transfer of processed data
to another data controller.
|
|
8. |
If the Customer wishes to exercise any of the foregoing rights,
Ecolore.eu fulfils a request or refuses to fulfil it promptly, but no later than within a month of its
receipt. If, however, due to a complex nature of a demand or a number of demands Ecolore.eu is
not able to fulfil demand within one month, it shall fulfil it during the following two month, notifying the
Customer earlier within a month from receipt of the demand on the intended prolongation of the period and
about own activities.
|
|
9. |
The Customer may file complaints, questions or requests concerning
processing of their personal data and execution of this rights.
|
|
10. |
The Customer has the right to demand that Ecolore.eu provides copies
of standard contractual clauses, sending a request in the was define in Article 6 of the Privacy
Policy.
|
|
11. |
The Customer shall have the right to file a complaint to the
Chairperson of the Office of Personal Data Protection in respect to violation of their rights for personal data
processing or other rights granted under the GDPR.
|
Article 5 - Security management – the password
|
|
1. |
Ecolore.eu ensures safe and encrypted connection to the Customers
during transfer of personal data and logging to the Customer Account on the Portal. Ecolore.eu uses SSL
certificate issued by one of the world leaders in respect to security and encryption of data sent via the
Internet.
|
|
2. |
If the Customer, who has an account in the Online Store, losses their
password anyhow, the Online Store enables generation of a new password. Ecolore.eu shall not send a password
reminder. The password is stored in a database in an encrypted form, which prevents from its reading. To
generate a new password, the Customer should provide e-mail address in a form available at a link
entitled “Do not remember password?”, next to the account logging form in the Online Store. The Customer will
receive an e-mail to the e-mail address provided during registration or recorded during the last change of the
account profile, which redirects the Customer to a dedicated form published on the Online Store Website in
order for the Customer to define a new password.
|
|
3. |
Ecolore.eu does not send any correspondence, including electronic
correspondence with a request for provision of logging data, in particular the password to the Customer’s
Account.
|
Article 6 - Amendments of the Privacy Policy
|
|
1. |
The Privacy Policy may be amended, about which the Customer will be
notified by Ecolore.eu at 7 days in advance.
|
|
2. |
Inquiries related to the Privacy Policy should be sent to: kontakt
shop@ecolore.eu
|
|
3. |
Date of the last modification: 26.02.2019 |