(valid from May 25, 2018)
1. The administrator of personal data collected via the www.amber-cause.com Online Store is Natalia Kwiatkowska who performs business under the name AMBRA Natalia Kwiatkowska entered into the Central Register and Information on Economic Activity of the Republic of Poland kept by the minister responsible for economy, place of performance business and address for service: ul. Waryńskiego 26/27, 80-433 Gdańsk, NIP: 5842563491, REGON: 221086810, e-mail address (e-mail): firstname.lastname@example.org, hereinafter referred to as the “Administrator” and at the same time being the Service Provider.
PURPOSE AND SCOPE OF DATA COLLECTION
1. Personal data will be processed in order to make purchases in our online store, direct marketing regarding own products and services, carried out in a traditional (paper) form, constituting the so-called legitimate interest of the entrepreneur. Data for these purposes will be processed on the basis of art. 6 sec. 1 lit. b), c) and f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC ( GDPR).
2. After expressing a separate consent, pursuant to art. 6 sec. 1 lit. a) GDPR, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes – in connection with art. 10 sec. 2 of the Act of July 18, 2002 on the provision of electronic services or art. 172 sec. 1 of the Act of July 16, 2004 – Telecommunications Law, including those directed as a result of profiling, provided that the user has consented.
3. If it is necessary to deliver an order, personal data may be made available to postal operators or carriers solely for the purpose of delivering the order. Personal data processed for purposes related to the implementation of purchases will be processed for the period necessary to carry out purchases and orders, after which the data subject to archiving will be stored for the period appropriate for the limitation of claims, i.e. 10 years. Personal data processed for marketing purposes covered by the consent declaration will be processed until the consent is revoked.
4. If it is found that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the Inspector General for Personal Data Protection (from May 25, 2018 – the President of the Office for Personal Data Protection).
5. Providing personal data is voluntary, but providing marked personal data is a condition for placing an order, and the consequence of not providing them will be the inability to order products in the store.
6. Personal data will also be processed in an automated manner in the form of profiling, provided that the user agrees to it pursuant to art. 6 sec. 1 lit. a) GDPR. The consequence of profiling will be assigning a profile to a given person in order to make decisions about him or to analyze or predict his preferences, behaviors and attitudes.
7. The administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him are: 1. processed in accordance with the law, 2.collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes, Factually correct and adequate in relation to the purposes for which they are processed and stored in a form that allows the identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing.
RIGHT TO CONTROL, ACCESS AND CORRECT YOUR OWN DATA
1.The data subject has the right to access their personal data and the right to rectify, delete, limit processing, the right to transfer data, the right to object, the right to withdraw consent at any time without affecting the lawfulness of processing, which was made on the basis of consent before its withdrawal.
2. In order to exercise the rights referred to in point 1, you can send an appropriate e-mail to the following address: email@example.com
1. The Service Provider’s Store uses “cookies”. No change in the browser settings on the part of the Customer is tantamount to consenting to their use.
2. The installation of “cookies” is necessary for the proper provision of services in the Store. The cookie files contain information necessary for the proper functioning of the Store, in particular those requiring authorization.
3. The Store uses three types of “cookies”:
“Session”, “fixed” and “analytical”.
1. “Session” cookies are temporary files that are stored on the User’s end device until logging out (leaving the Store).
2. “Permanent” cookies are stored in the Customer’s end device for the time specified in the parameters of “cookies” or until they are deleted by the Customer.
3. “Analytical” cookies enable a better understanding of the Customer’s interaction in the scope of the Store’s content and better organize its layout. “Analytical” “cookies” collect information on the manner in which the Customer uses the Store, the type of page from which the Customer was redirected, and the number of visits and the duration of the Customer’s visit to the Store’s website. This information does not record specific personal data of the Service Recipient, but is used to develop statistics on the use of the Store.
4. The Service Recipient has the right to decide on the access of “cookies” to his computer by selecting them in his browser window. Detailed information on the possibilities and methods of handling “cookies” is available in the software (web browser) settings.
1. The administrator uses technical and organizational measures to ensure the protection of the processed personal data appropriate to the threats and categories of data protected, in particular, protects the data against unauthorized disclosure, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.
2. The Service Provider provides appropriate technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorized persons.