Hello, good morning!
First of all, the administrator of this website is V.D. Illustration Valentyna Derchyk, 3/6 Juliusza Słowackiego St., 58-300 Wałbrzych, NIP 8863020194.
# 1: Who is the controller of your personal information?
The administrator of your personal data is V.D. Illustration Valentyna Derchyk, ul. Juliusza Słowackiego 3/6, 58-300 Wałbrzych, NIP 8863020194.
# 2: Who can you contact about the processing of your personal data?
As part of the implementation of data protection in our organization, we have decided not to appoint a data protection officer due to the fact that it is not mandatory in our situation. You can contact us on matters relating to data protection and privacy more broadly by emailing firstname.lastname@example.org.
# 3: What information do we have about you?
Depending on the purpose, we may process the following information about you:
data included in email correspondence
information visible on social media profiles
details of placed orders
bank account number
statistics related to the receipt of newsletters
image or avatar
content of comments / opinions added to the site
Furthermore, we use tools that collect a range of information about you in relation to your use of our website. This includes, in particular, the following information:
- information about your device, operating system and browser
- IP address subject to truncation and anonymization
- date of site visit
- subpages viewed
- time spent on the site
- transitions between subpages
- mouse clicks or screen taps
- clicks on particular links
- the source from which you go to the page
- the age range you are in
- Your gender
- Your approximate location limited to
- Your interests as determined by your online activities
We are not able to provide you with access to Anonymous Information about you, as we are not able to assign any of the Anonymous Information to any specific user. From the tools that collect Anonymous Information, we only have access to a set of statistics and information not assigned to specific individuals. Moreover, we do not have access to the information collected by some tools at all, as we are only interested in the correct operation of the function provided by the tool, not the information collected by it. For example, a particular plug-in may collect some information, but it is not made available to us in any way, and we are not interested in this information at all, as we are only interested in the particular functionality of the plug-in (e.g., sending a newsletter form) simply working.
The processing of Anonymous Information allows us to provide you with the functionality available on the website. In addition, Anonymous Information is used for analytical and statistical and marketing purposes, such as ad setup and targeting.
Anonymous information is also used by providers of particular tools to provide and improve services, manage services, develop new services, measure the effectiveness of advertising, protect against fraud and abuse, and personalize content and ads displayed on particular services, sites and applications.
# 4: How do we have your personal information?
In most cases, you give them to us yourself. This happens when:
you register a user account
you place an order
you are sending a complaint or withdrawing from the contract
you sign up for the newsletter
you add a comment or review about a product
you contact us by email
You follow our social media profiles or interact with content we post on social media
In addition, some information about you may be automatically collected by the tools we use:
the website mechanism collects your IP address
The mechanism of the newsletter system collects your IP address and information about your activity in relation to the content sent to you within the newsletter, such as opening messages, clicking on links, etc.
# 5: Is your data safe?
We care about the security of your personal data. We analyze the risks that are associated with particular processes of processing your data, and then implement appropriate security and personal data protection measures. We monitor the condition of the technical infrastructure on an ongoing basis, we train the staff, we look at the procedures applied and introduce the necessary improvements. Should you have any questions concerning your personal data, we are at your disposal at email@example.com.
# 6: For what purposes do we process your personal information?
# 7: How long will we keep your personal information?
# 8: Who are the recipients of your personal information?
We venture to say that modern business cannot do without services provided by third parties. We also use such services. Some of these services involve the processing of your personal data. Third party service providers who are involved in the processing of your personal data are:
the hosting provider, which stores the data on the server
cloud software provider, in which data processing takes place
the accounting office that processes your invoice data
A maintenance provider who gains access to the data if the technical work carried out involves areas where personal data is located
Other subcontractors who gain access to the data if the scope of their activities requires such access
All entities listed above process your data on the basis of entrustment agreements concluded with us for the processing of personal data and guarantee an adequate level of personal data protection.
If necessary, your information may be shared with a legal advisor or attorney bound by professional secrecy. The need may arise from a legal need requiring access to your personal information.
Your personal data may also be forwarded to the tax authorities to the extent necessary for the performance of their tax and accounting duties. This applies in particular to all declarations, reports, statements and other accounting documents containing your personal data.
Your data is shared with courier companies to the extent necessary to deliver your order. These companies become independent controllers of your personal data.
Furthermore, when it comes to Anonymous Information, the providers of the tools or plugins that collect Anonymous Information have access to it. The providers of these tools are their own controllers of the data collected in them and may share this data under the terms of their own terms and conditions and privacy policies, which are beyond my control.
# 9: Do we transfer your data to third countries or international organizations?
No, we do not transfer your data to third countries or international organizations.
# 10: Do we use profiling? Do we make automated decisions based on your personal information?
We do not make decisions about you based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect you.
Yes, we do use tools that may take certain actions depending on the information collected through the tracking mechanisms, but we believe that these actions do not have a material impact on you because they do not differentiate between you as a customer, affect the terms of any contract you may enter into with us, etc.
Using certain tools, we can, for example, target you with personalized ads based on previous actions you have taken on the site or suggest products that may interest you. We are talking here about so-called behavioral advertising. We encourage you to learn more about behavioral advertising, particularly with regard to privacy issues. You can find detailed information, along with the ability to manage your behavioral advertising settings, here here.
Please note that I only have access to Anonymous Information within the tools I use. This information is stored on the servers of the providers of the respective tools, and these servers can usually be located around the world.
# 11: What rights do you have in relation to the processing of your personal data?
The RODO grants you the following potential rights in relation to the processing of your personal data:
- The right to access your data and receive a copy of it,
- The right to rectify (amend) your data,
- The right to erasure (if you believe there is no basis for us to process your data, you can request that we erase it),
- The right to restrict processing (you can request that we restrict processing to only storing the data or carrying out activities agreed with you, if in your opinion we have incorrect data or are processing it unfairly),
- The right to object to processing (you have the right to object to processing on the basis of legitimate interest; you should indicate the particular situation that you think justifies us stopping the processing covered by the objection; we will stop processing your data for these purposes unless we can demonstrate that the grounds for our processing override your rights or that your data is necessary for us to establish, assert or defend our claims),
- the right to data portability (you have the right to receive from us in a structured, commonly used, machine-readable format the personal data you have provided to us under the contract or your consent; you can have this data sent directly to another entity),
- The right to withdraw consent to the processing of personal data, if you have previously given such consent,
- The right to lodge a complaint to the supervisory authority (if you find that we process your data unlawfully, you may lodge a complaint to the President of the Office for Personal Data Protection or other competent supervisory authority).
The rules related to the exercise of the rights indicated above are described in detail in Articles 16 - 21 of the RODO. We encourage you to familiarize yourself with these provisions. On our part, we consider it necessary to explain to you that the rights indicated above are not absolute and you will not be entitled to them in relation to all activities of the processing of your personal data.
We emphasize that one of the rights indicated above is always available to you - if you believe that we have violated data protection regulations while processing your personal data, you have the possibility to lodge a complaint to the supervisory authority (President of the Office for Personal Data Protection).
Cookies are small text information stored on your terminal device (e.g. computer, tablet, smartphone), which can be read by our ICT system (our own cookies) or by third party ICT systems (third party cookies). Cookies can record and store certain information to which ICT systems can then gain access for specific purposes.
Some cookies we use are deleted when your browser session ends, i.e. when you close it (so-called session cookies). Other cookies are retained on your terminal device and allow us to recognize your browser the next time you visit the site (persistent cookies).
If you want to learn more about cookies as such, you can read, for example, this material: https://pl.wikipedia.org/wiki/HTTP_cookie.
# 14: Can you disable cookies?
Yes, you can manage your cookie settings within your web browser. You can block all or selected cookies. You can also block cookies from specific sites. You can also delete previously saved cookies and other site and plug-in data at any time.
Web browsers also offer the option to use incognito mode. You can use this mode if you do not want information about pages you visit and files you download to be saved in your browsing and download history. Cookies created in incognito mode are deleted when you close all incognito mode windows.
There are also browser plug-ins available to control cookies, such as Ghostery (https://www.ghostery.com). The option to control cookies may also be provided by additional software, in particular anti-virus packages, etc.
In addition, there are tools available on the Internet that allow you to control certain types of cookies, in particular to collectively manage your behavioral advertising settings (e.g. www.youronlinechoices.com/, www.networkadvertising.org/choices).
# 15: For what purposes do we use our own cookies?
Own cookies are used to ensure proper functioning of particular mechanisms of the website, such as proper sending of the forms visible on the website.
Our own cookies also store information about your consent to cookies.
# 16: What third party cookies are used?
Aware of the requirements created by the Court of Justice of the European Union, we have nevertheless refrained from indicating the lifespan of cookies used by particular tools. In order to reliably determine the lifespan of each cookie file, we would have to overwhelm you with excessive information that would in no way comply with the principle of transparency and legibility of the information provided to you. Moreover, the lifespan of cookies can change so actively on the part of tool providers that we are unable to exercise reliable control over it. Aside from determining the lifespan of cookies, we would like to remind you that the only way to have real control over how long information is stored in cookies is for you to manage cookies directly. You can delete cookies stored on your device at any time from the level of your web browser.
Moreover, while in the case of statistical and marketing tools, we may view various reports generated from Anonymous Information, with respect to other tools, we do not even gain any access to the information collected in the cookies, being interested only in whether the functions of the tool for which the tool was installed are working properly within our website.
# 17: Do we track your behavior taken within our service?
# 18: Are we targeting you with targeted ads?
§ 19: How can you manage your privacy?
- the cookie settings within your web browser
- Browser plug-ins supporting cookies management e.g. Ghostery
- additional cookie management software,
- incognito mode in a web browser
- behavioral advertising settings, e.g. youronlinechoices.com
# 20: What are server logs?
Using the service is connected with sending queries to the server, on which the website is stored. Each query sent to the server is recorded in server logs.
The logs include your IP address, the date and time of the server, information about your web browser and the operating system you are using. The logs are saved and stored on the server.
The data stored in server logs is not associated with specific individuals using the site and is not used by us to identify you.
Server logs constitute only auxiliary material used for administration of the website, and their content is not disclosed to anyone except persons authorized to administer the server.
# 21: Is there anything else you should know about?
Appendix no. 1 - purposes of personal data processing
|Purpose of processing||Legal basis for processing||Categories of data processed||Data retention period||Source of data acquisition|
|User account maintenance||Article 6(1)(b) of the RODO - conclusion and performance of a contract for the provision of electronic services in the form of a user account||Identifying information. Contact information.||Until the expiration of the statute of limitations for claims related to the contract for the provision of electronic services (due to the separate archiving purpose listed below).||User Account Registration Form.|
|Order handling||Article 6(1)(b) of the RODO - conclusion and performance of a contract concluded as a result of an order.||Identification information. Contact information.Order details.||Until the expiration of the statute of limitations for claims related to the contract entered into as a result of your order (due to the separate archiving purpose listed below).||Order Form.|
|Claims handling||Article 6(1)(f) of the RODO - legitimate interest pursued by the administrator consisting in handling the complaint procedure.||Identifying information. Contact information. Claim details.||Until the expiration of the statute of limitations for claims related to the complaint.||Complaint.|
|Handling withdrawals||Article 6(1)(f) RODO - legitimate interest pursued by the administrator consisting in the handling of the withdrawal procedure.||Identifying information. Contact information.||Until the expiration of the period for which accounting records are required by law to be retained (the withdrawal statement is included in the record).||Statement of Withdrawal.|
|Accounting||Article 6 (1) (c) in connection with the relevant provisions of the tax law - implementation of tax obligations.||Identifying information. Contact information. Invoice details.||Until the date for which accounting records must be retained by law.||Order form or withdrawal form.|
|Archive||Art. 6(1)(f) RODO - legitimate interest pursued by the controller to secure data for the purpose of establishing, defending or asserting claims and for the purpose of demonstrating compliance with obligations under the RODO.||Data of different scope, depending on what data came to us and what scope of data is justified in terms of archival.||Until the expiration of the statute of limitations for claims or the statute of limitations for our liability related to the protection of personal data.||All forms used to submit data.|
|Newsletter service||Article 6(1)(f) RODO - legitimate interest pursued by the administrator consisting in sending messages after receiving prior consent to receive the newsletter.||Identifying information. Contact information. Statistical information related to the messages you send.||Until the expiration of the statute of limitations for claims related to the sending of the newsletter or the statute of limitations for our liability related to data protection.||Newsletter sign-up form.|
|Handling comments/feedback||Article 6(1)(f) of the RODO - legitimate interest pursued by the administrator consisting in the publication of a comment/opinion after its prior submission by the user.||Identification information. Contact information. Comment/feedback details.||Until the comment / opinion is removed.||Form for adding comments/feedback.|
|Mail handling||Article 6(1)(f) RODO - legitimate interest pursued by the administrator consisting in the exchange of correspondence with the user and its possible archiving.||Identifying information. Contact information. Correspondence details.||Impossible to determine unequivocally. Some correspondence may be subject to ongoing deletion and some may be archived if we determine that there is a need to retain it, particularly to ensure future traceability.||Contact form. Incoming message.|
|Social media handling||Article 6(1)(f) of the RODO - legitimate interest pursued by the administrator in operating social media profiles.||Data publicly visible in a user's social media profile. Details of user interactions within social media profiles.||Until the user removes the data from the social network.||Social media profiles. Content posted by a user on social media.|
|Creating groups of advertising recipients||Art. 6(1)(f) RODO - legitimate interest pursued by the administrator to create audience groups in advertising systems based on user lists, order lists and mailing lists.||Email address.||Personal data deleted by the advertising system immediately after the matching process in the creation of an audience group. The created audience group does not contain information about the nature of personal data.||User account registration form. Order form. Newsletter subscription form.|
Attachment No. 2 - List of external tools
|Tool||Supplier||Purpose of use||Supplier's explanation||Provider settings|
|Google Analytics||Google LLC||Analysis and statistics related to website visitor behavior.||See||See|
|reCaptcha||Google LLC||Assessing whether a user visiting a website is a real human or a bot.||See||See|
|Google Ads||Google LLC||Ad measurement and targeting.||See||See|
|YouTube||Google LLC||Embedding YouTube videos.||See||See|
|Meta Pixel||Meta Platforms, Inc.||Ad measurement and targeting.||See||See|