Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/9 has been in force since 25 May 2018. EC (General Data Protection Regulation) (hereinafter: GDPR).
We ensure that personal data collected by the Administrator are processed in accordance with the provisions of the GDPR. Below we present information on the principles of processing your personal data. Capitalized words have the meanings specified in the Terms and Regulations, which you can read in the “Terms and Regulations” tab.
Who is the administrator of your personal data?
The administrator of personal data is ORM Operacje sp. z o.o. with its registered office in Warsaw, Grójecka 113 m. 7, 02-120 Warszawa.
How can you contact them?
You can contact the Administrator regarding your personal data by e-mail at: email@example.com.
How do we obtain your data?
We process your personal data, which we receive from you: in connection with Sales Agreements concluded with us and other contracts; during your contact with us, including as part of the complaint process or submission of a statement of withdrawal from the Sales Agreement or other contracts; in connection with the permission to send the newsletter; for the purpose of creating an Account in the Online Store. In addition, we collect the data received from you when exchanging sales documents such as: bills; invoices, etc. We can also process your data: regarding activity in the Online Store, i.e. products viewed, IP addresses, device identifiers; data from cookies; data on the amount of time you spend on each subpage. At the same time, we emphasize that we obtain only data necessary to achieve the objectives described below.
For what purposes and on what legal basis do we process your personal data, how do we obtain it, and what is the legally justified purpose of processing your data (if any)?
We process your personal data for the purpose of:
- taking steps at your request to conclude the Agreement (legal basis: art.6 par.1 b GDPR),
- conclusion and performance of the Sales Agreement binding us and other contracts concluded by us, including in order to contact you regarding their implementation (legal basis: Art. 6 clause 1 b GDPR),
- Answering your questions contained in the contact form on the Online Store website, as well as handling complaints and returns that you submit to us (legal basis: Art. 6 clause 1 f GDPR; legitimate purpose: communication with users of the Online Store and handling of complaints and returns submitted by Customers),
- performance of obligations arising from the warranty for defects; withdrawing or terminating the Sales Agreement and other contracts; archiving documentation, in particular: contracts, invoices and other settlement documents for the purpose of accounting (legal basis: Art. 6 clause 1 c GDPR),
- data storage to meet the so-called accountability obligation arising from the GDPR and other regulations regarding the protection of personal data (legal basis: Art. 6 clause 1 c GDPR),
- pursuing possible claims and defending against possible claims (legal basis: Art. 6 clause 1 f GDPR; legitimate purpose: debt collection as well as conducting court, amicable, mediation and enforcement proceedings,
- creating summaries, analyses and statistics for our internal needs, in particular: reporting, research and planning the development of our products and services and improving their quality (legal basis: Art. 6 clause 1 f) GDPR; legitimate purpose: developing the Online Store and improving the quality of services; facilitating the use of the Online Store),
- Customer service, in particular by adapting it to the needs reported by you, in order to provide relevant information about our products, offers, promotions, also by saving data in “cookies”, collecting data from websites for direct marketing (legal basis: Art. 6 clause 1 f) GDPR); legitimate purpose: improving the quality of services; facilitating the use of the Online Store),
- conducting marketing communication regarding the operation of the Online Store with your express consent, in particular in the scope of: presenting the Online Store’s offer, product information, offers, promotions, including sending the newsletter, depending on your decision – via e-mail address or telephone number (legal basis: art.6 par.1 a) GDPR).
Who do we share your personal data with?
We care about the confidentiality of your data. However, due to the need to ensure the proper organization of the Online Store and the Administrator, we may disclose personal data to:
- our employees and associates who perform work in our name/on our behalf as part of the Administrator’s activity,
- entities supporting us in our activities on our behalf and service providers for us, such as:
- service providers providing the Administrator with technical and organizational solutions, including supporting us in the provision of electronic services, in particular those who provide payment and credit services, intermediate in e-commerce services, e-mail providers, hosting and analytical tools for marketing purposes,
- providers of HR and payroll as well as accounting and bookkeeping services,,
- providers of legal and consultancy services,,
- persons authorized by you,
- public administration bodies or other entities authorized pursuant to legal provisions in order to implement our obligations, e.g. such as: Tax Office, Social Insurance Institution, local government bodies,
- other entities authorized pursuant to legal provisions..
Is providing personal data to us voluntary?
Providing the required personal data by you is voluntary and is a condition of the provision of services, including the conclusion of a Sales Agreement with you.
The above does not apply to data such as e-mail address or phone number provided for marketing communication with your consent. Lack of consent in this regard does not prevent the Administrator from providing services to you, and it does not prevent you from entering into a Sales Agreement with you.
What are your rights to process personal data?
You have such rights as: the right to access the content of personal data being processed, as well as the right to rectify, delete, request restriction of processing, transfer your personal data and object to the processing of personal data, as well as the right to withdraw consent at any time without affecting for the lawfulness of processing based on consent before its withdrawal, provided that the specific processing is based on your consent.
In addition, if the processing of personal data conducted by us violates the provisions of the GDPR, you also have the right to lodge a complaint with the supervisory body, i.e. to the President of the Personal Data Protection Office (PUODO).
How long do we store your personal data?
We store your personal data for the duration of the contracts concluded with you, as well as after their completion in order to assert any claims or for evidential purposes in the event of a claim against the Administrator, for no longer than the limitation period of the given claim.
We process data stored for tax and accounting purposes for 5 years from the end of the calendar year in which the tax obligation arose.
We store data kept with your consent for marketing purposes from the moment you consent until it is withdrawn, no longer than the duration of the purpose for which the data was obtained, whereby we store personal data of logged-in Customers for a time corresponding to the life cycle of “cookies” saved on devices or until they are deleted by you on your device.
Do we transfer your data to countries outside the European Economic Area?
In connection with the possibility of the Administrator using tools supporting his activities provided, e.g. by Google Inc. and Facebook Ireland Limited, your personal data may be transferred to countries outside the European Economic Area. In the event that your data are transferred outside the European Economic Area, we will use appropriate legal safeguards, i.e. standard contractual clauses for the protection of personal data, approved by the European Commission, particularly in the case of transferring data from the European Economic Area to the USA some entities (including, e.g. Google, Facebook, Instagram) ensure a high level of personal data protection under the Privacy Shield framework.
Do we process your personal data automatically?
The Administrator may use profiling for direct marketing in the Online Store, but the decisions made on this basis by the Administrator do not relate to the conclusion or refusal to conclude the Sales Agreement or use of services available in the Online Store. The result of profiling may be, for example: granting you a discount, sending you a discount code or product offer that you may be interested in, reminding you about unfinished purchases, proposing other terms of the Sales Agreement in relation to the standard offer of the Online Store. The profiling used by us has no legal consequences for you. Despite profiling, you still have the opportunity to decide freely whether you want to use the discount received in this way or better conditions and make a purchase in the Online Store. Profiling in the Online Store is based on the automatic analysis or forecast of user behavior on the Online Store website, e.g. by adding a specific Product to the Cart, browsing the page of a specific Product in the Online Store, or by analyzing the previous history of purchases made in the Online Store.
We indicate that you have the right to not be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects on you or similarly significantly affects you. In addition, you have the right to object at any time to the processing of personal data for direct marketing, including profiling.
The Online Store also uses “cookies” that are saved on your device. These files are associated only with your device’s browser, and the device user remains anonymous. The files provide us with information about your activity for the purposes of: statistical data on user traffic in the Online Store and the use of individual subpages of the Online Store; matching the offer to your needs; optimizing the use of the Online Store; identification of the user logged in to the Online Store and displaying a message about logging in to you; remembering Products added to the Cart to place an Order; storing data indicated by you in the Order, contact form or when logging in. The administrator may process the data contained in “cookies” during your use of the Online Store website.
You can turn off the option of accepting “cookies” in your web browser at any time by replacing the automatic handling of “cookies” with service consistent with individual preferences. Detailed information in this regard is given by the providers of individual web browsers. At the same time, we point out that disabling the option to accept “cookies” in your web browser may prevent or hinder use of the Online Store.
The administrator may use the services of Google Analytics, Universal Analytics provided by Google Inc. in the Online Store and Facebook Analytics services, including Facebook Pixel, provided by Facebook Ireland Limited. These services help the Administrator analyze traffic in the Online Store and on Online Store profiles on websites: Facebook and Instagram. The collected data is processed as part of the above services in an anonymized manner (these are the so-called operational data that prevent identification of a person) to generate statistics helpful in administering the Online Store. These data are aggregate and anonymous, i.e. they do not contain identifying features (personal data) of the person visiting the Online Store website or the Online Store profile on the following websites: Facebook and Instagram. The Administrator using the above services in the Online Store collects such data as: sources and medium of acquiring visitors to the Online Store and their behavior in the Online Store website, information on the devices and browsers which they use to visit the website, IP and domain, geographical, demographic data and interests.
You can at any time block the possibility of sharing your data by anyone, including the Administrator, information about your activity in the Online Store – by installing the appropriate “plug-in” to your web browser provided by both Google and Facebook (including Instagram) free of charge on websites of these entities.