Polish Shop - Krzysztof Maly (seller) is the administrator of personal data.
We care not only about the confidentiality of our customers' data, but also about your time, which is why we have prepared an abbreviated version of the most important rules related to the protection of personal data.
If this information is not enough for you, you will find more details below.
The administrator of your personal data within the meaning of the provisions on the protection of personal data is the Polish Shop - Krzysztof Maly company, IDE: CHE-183.272.832 VAT.
The objectives, the legal basis and the period of processing of personal dataare indicated separately for each purpose of the data processing (see the description of the specific objectives of the processing of personal data below).
Permissions. The GDPR (General Data Protection Regulation) grants you the following potential rights related to the processing of your personal data:
1) the right of access to personal data,
2) the right to rectify personal data,
3) the right to delete personal data,
4) the right to limit the processing of personal data,
5) the right to object to the processing of personal data,
6) the right to transfer data,
7) the right to lodge a complaint with the supervisory body,
8) the right to withdraw consent to the processing of personal data, if such consent has been expressed.
The rules relating to the implementation of the rights indicated are described in detail in art. 16 to 21 of the GDPR; we strongly encourage you to read these rules. For our part, we consider it necessary to explain to you that the rights mentioned above are not absolute and that they will not be applicable in all the operations of processing your personal data. For your convenience, we have made efforts to indicate your rights in the description of each individual data processing operation.
We would like to point out that one of the rights mentioned above is always applicable: if you believe that we have violated the provisions on the protection of personal data when processing your personal data, you can always file a complaint with the supervisory body (in Switzerland: The Federal Data Protection and Information Commissioner (FDPIC), in United Kingdom: Information Commissioner’s Office (ICO), and so on).
Security. We guarantee the confidentiality of all personal data transmitted to us. We ensure that all the security and data protection measures required by the provisions on the protection of personal data are taken. Personal data is collected diligently and protected properly against unauthorised access.
User account. By creating a user account, you must enter your email address and set the password for your account. Providing data is voluntary, but necessary to create an account. In order to change your user account, you must provide other data about yourself, including your name, billing address and shipping address. Providing this data is entirely voluntary.
The data entered by you during the configuration of the user account is processed only in order to maintain your account and allow you to use it. Providing data in the user account is intended to facilitate the ordering process thanks to the possibility to fill the order form automatically.
The legal basis for the processing of personal data as part of the user account is the user account management contract that you place on the basis of the store's regulation (letter b, paragraph 1, art. 6 of the GPDR).
Your data will be processed as part of the account as long as you keep your user account. After the deletion of the account, the data will also be deleted from the database, with the exception of the previously placed orders.
You may at any time access your personal data processed in connection with the account by logging into your user account. After logging in to the account, you can modify and delete your data at any time, with the exception of order data that you have previously placed. You can also decide to delete your account at any time.
Regarding the data stored in the user account, you have the right to transfer them, referred to in art. 20 of the GDPR.
Orders. By placing an order, you must provide the necessary data to execute the order, namely the first and last name, the billing address, the delivery address, the email address and the telephone number. Providing data is voluntary, but necessary to place the order.
The data provided to us in the context of the order placement are processed so as to execute the order (letterb, paragraph 1, art. 6 of the GDPR), to issue an invoice (letterc, paragraph 1, art. 6 of the GDPR), to include the invoice in our accounting documentation (letter c, paragraph 1, art. 6 of GDPR) and for archival and statistical purposes (letter f, paragraph 1, art. 6 of the GDPR).
Orders are also stored in our internal database for archival and statistical purposes.
Order data will be processed for the period of time required for the performance of the contract, and then until the expiry period for the claims of the concluded contract. In addition, after this date, the data may still be processed by us for statistical purposes. Please note that we are obliged to store invoices with your personal data for a period of 10 years from the end of the fiscal year in which the tax obligation arose.
In the case of the data concerning the orders, it is not possible to rectify them after the processing of the order. You also can not object to the processing of data and require the deletion of data until the expiry period for the claims of the concluded contract. Similarly, you can not object to the processing of data and request the deletion of the data contained in the invoices. However, once the period for the claims of the concluded contract expires, you may object to the further processing of your data for statistical purposes, as well as request the deletion of data from our database.
With regard to the order data, you also have the right to transfer the data, as referred to in art. 20 of the GDPR.
Newsletter. If you wish to subscribe to the newsletter, send us your e-mail address via newsletter registration form.
The data provided to us when subscribing to the newsletter is used to send the newsletter, and the legal basis of its treatment is your very consent (letter a, paragraph 1, art. 6 of the GDPR) expressed when subscribing to the newsletter.
The data will be processed for the entire period of the newsletter functioning, unless you decide to stop receiving it beforehand, which will subsequently delete all your personal data from the database.
At any time, you can correct your data stored in the database of the newsletter, as well as request its removal, by giving up receiving the newsletter. You also have the right to transfer the data, as referred to in art. 20 of the GDPR.
Complaints and withdrawal of the contract. If you submit a claim or withdraw from the contract, you provide us with personal data contained in the claim or withdrawal statement, namely your name, address, telephone number, email address and bank account number.
The data provided to us when submitting a claim or withdrawing the contract is used to implement the claim procedure or the procedure for withdrawal from the contract (letter c, paragraph 1 art. 6 of the GDPR).
The data will be processed for the time necessary to complete the claim procedure or the contract withdrawal procedure. Complaints and statements regarding the withdrawal of the contract may also be archived for statistical purposes.
In the case of the data contained in the claims and in the withdrawal statements of the contract, the processed data can not be rectified. You also can not object to the processing of data and require the deletion of data until the expiry of claims regarding the concluded contract. However, after the expiry of the claims of the concluded contract, you may object to further processing of your data for statistical purposes, as well as request the deletion of data from our database.
Email contact. By contacting us by e-mail, which includes sending a request via contact form, you provide us with your e-mail address as the address of the sender. In addition, other personal data may be included in the body of the message.
In this case, the data is processed in order to contact you, and the legal basis for this is paragraph 1, art. 6, that is: your very consent resulting from a contact with us. The legal basis for post-contact processing is the legitimate purpose of archiving correspondence for internal purposes (letter c, paragraph 1, art. 6).
The contents of correspondence can be archived and we are not able to clearly determine when it will be deleted. You have the right to require the submission of a correspondence history that has been exchanged with us (if it had been archived) and to require its removal, unless its archiving is justified by our overriding interests, eg. the defense against potential claims on your part.
Cookies are small text files stored on your terminal equipment (a computer, a tablet, a smartphone, etc.) that can be read by our teleinformatic system.
Cookies can be divided into two categories: own and third party cookies.
More details below.
Own cookies. We use own cookies to ensure the proper functioning of the site, including remembering the connected user, the cart and the language selected on the site.
Third-party cookies. Our site, like most current websites, uses functions provided by third parties, which involves the use of third-party cookies. The use of these types of cookies is described below.
Marketing. We use marketing tools such as Facebook Pixel to target your ads. This is related to the use of Facebook cookies. We use Google AdWords remarketing tools. This involves the use of Google LLC cookies for the Google AdWords service.
The use of the site involves sending requests to the server on which the site is stored. Each request to the server is logged in the server logs.
Logs include your IP address, server date and time, web browser information, and the operating system used. The logs are saved and stored on the server.
The data stored in the server logs is not associated with specific persons using the site and is not used to identify you.
Server logs are only auxiliary hardware used to administer the site; their content is not disclosed to anyone except those authorised to administer the server.