OF THE NATIBABY.COM ONLINE STORE
1. GENERAL PROVISIONS
1.2. The Administrator of personal data collected via the Online Store is TOMASZ ZIMNIEWICZ who operates a business enterprise under the business name NATIBABY TOMASZ ZIMNIEWICZ entered into the Central Registry and Information on Business of the Republic of Poland (PL-CEIDG) kept by the competent minister of economy, with an address of business operation and service address at: ul. Szczepankowo 146D/2, 61-313 Poznań, Tax ID: 7661416066, REGON: 300124260, electronic mail address: firstname.lastname@example.org – further called the „Administrator” simultaneously fulfilling the role of the Online Store Service Provider and Seller.
1.3. The personal data of the Service Users and Customers are processed in accordance with the 29th of August 1997 Personal Data Protection Act (Journal of Laws of 1997, No. 133, pos. 883 further amended) (further called the Personal Data Protection Act) and the 18th of July 2002 Act on Rendering of Electronic Services (Journal of Laws of 2002, No. 144, pos. 1204 further amended).
1.4. The administrator exercises particular care in order to protect the interests of persons, whom the collected data relates to, especially ensures, that the collected data is processed in accordance with the law; collected for specified, lawful purposes and not subjected to further processing not in line with those purposes; technically correct and adequate in regards to the purpose, for which it is processed and stored in a form which allows the identification of persons, whom it relates to, for no longer than is required to achieve the purpose of data processing.
1.5. Any words, phrases and acronyms which occur on this page beginning with a capital letter (e.g. Seller, Online Service, Electronic Service) should be interpreted according to their definition contained in the Online Service Terms and Conditions available on the Online Store’s website.
2. PURPOSE AND SCOPE OF DATA COLLECTION AND DATA RECIPIENTS
2.1. Each time the purpose and scope of collection and recipients of data processed by the Administrator correspond to actions performed in the Online Store by the Service User or Customer. For example, if during placement of an Order a Customer selects the personal collection option instead of a courier parcel, the Customer’s personal data will be processed in order to conclude and perform a Sales Agreement, but will not be further disclosed to the carrier who executes deliveries on behalf of the Administrator.
2.2. Possible purposes of Service User’s or Customer’s personal data collection by the Administrator:
2.2.1. conclusion and performance of a Sales Agreement or Electronic Service provision agreement (e.g. Account).
2.2.2. direct marketing of the Administrator’s own products or services.
2.3. Possible recipients of the Online Store Customers’ personal data:
2.3.1. In case of a Customer of the Online Store who selects a method of delivery via post or courier parcel, the Administrator shall disclose the Customer’s collected personal data to the selected carrier or proxy carrying out deliveries on behalf of the Administrator.
2.3.2. In case of a Customer of the Online store who selects the electronic payment or pay card payment method, the Administrator shall disclose the Customer’s collected personal data to the selected entity providing the abovementioned payment services at the Online Store.
2.4. The Administrator may process the following personal data of Service Users or Customers using the Online Store: name and surname, e-mail address; contact telephone number; delivery address (street, building number, apartment number, postal code, town/city, country), residence address/business address/head office (if other than the delivery address). In the case of Service Users or Customers who are not consumers, the Administrator may additionally process the name of the company and tax identification number (PL - NIP) of the Service User or Customer.
2.5. The provision of personal data mentioned in the preceding point may be required in order to conclude and perform the Sales Agreement or agreement for the provision of Electronic Services on the Online Store’s website. Each time the scope of data required to conclude an agreement is indicated on the Online Service website and within the Online Store’s Terms and Conditions.
3. COOKIES AND OPERATIONAL DATA
3.1. Cookie files (Cookies) are small pieces of text information in the form of text files, sent by a server and recorded by the User visiting the Online Store’s website (e.g the computer’s, or laptop’s hard drive, or a smartphone memory card - depending on which device is used when visiting the Online Store). Detailed information on Cookies, as well as the history of their creation can be found, among other places, here:
3.2. The Administrator processes the data contained in Cookie files during the visitors’ use of the Online Store’s website for the following purposes:
3.2.1. identification of Service Users as logged in to the Online Store and indicating that they are logged in;
3.2.2. recording Products added to the shopping cart in order to place an Order;
3.2.3. recording of data from the filled out Order Forms, questionnaires or Online Store login data;
3.2.4. adjusting the Online Store’s contents to the Service User’s individual preferences (e.g. regarding colors, fonts, website layout), and optimizing the use of the Online Store;
3.2.5. keeping anonymous statistics which present the way that the Online Store is used.
3.3. As a standard, most Internet browsers by default accept the saving of Cookie files. Every user has the possibility to specify the conditions of Cookie file use via the Internet browser’s settings. This means, that it is possible to partially (e.g. temporarily) restrict or completely disable the saving of Cookie files on the User’s computer – in the latter case, however, it may influence specific functionalities of the Online Store (for example, it may become impossible to complete the Order via the Order Form due to the fact that Products are not recorded in the cart during subsequent steps of placing the Order).
3.4. The Internet browser setting in terms of Cookie files are significant from the point of view of consent to use Cookie files by our Online Store – in accordance with the regulations, such consent may also be expressed through adjusting the Internet browser settings. If a User does not express such consent, they are asked to change the Cookie settings in their Internet browser.
3.5. Detailed information regarding changing Cookie file settings and individual removal of them in the most popular Internet browsers are available in the Internet browser’s help section and at the following websites (please click the appropriate link):
• Chrome browser
• Firefox browser
• Internet Explorer browser
• Opera browser
• Microsoft Edge browser
• Safari browser
3.6. The Administrator also processes anonymized operational data associated with using the Online Store (so called logs – IP address, domain) to generate statistics helpful to administrating the Online Store. The data are collective and anonymous in nature, i.e. they do not contain features which may identify the persons visiting the Online Store’s website. The logs are not disclosed to any third parties.
4. BASIS FOR DATA PROCESSING
4.1. The provision of personal data by the Service User or Customer is voluntary, however failure to provide the personal data indicated on the Online Store’s website and in the Terms and Conditions as essential to the conclusion and performance of the Sales Agreement or Electronic Service provision agreement shall result in the inability to conclude such agreements.
4.2. The basis for the processing of the Service User’s or the Customer’s personal data is the necessity to perform the agreement, to which they are a party, or to undertake appropriate actions on their request before the conclusion of such agreement. In the case of personal data processing for the purposes of direct marketing of the Administrator’s own products or services, the basis for such processing is (1) the prior consent of the Service User or Customer or (2) the fulfillment of legally justified goals realized by the Administrator (in accordance with art. 23 item 4 of the Personal Data Protection Act, legally justified goals are, in particular, direct marketing of the Administrator’s own products or services).
4.3. In case of processing the Service User’s or the Customer’s personal data for expressing an opinion on the concluded Sales Agreement, the basis for that processing is the expressed consent by User or Customer.
5. RIGHT TO CONTROL, ACCESS AND AMEND THE CONTENTS OF OWN PERSONAL DATA
5.1. The Service User or Customer has the right to access the contents of their personal data and its amendment.
5.2. Every person is entitled to control the processing of data related to them, contained in the Administrator’s database, especially to: request the supplementation, update or correction of personal data, temporary or permanent discontinuation of processing or removal of data, if such data is incomplete, outdated, untrue or was collected in violation of the law, or are no longer required to achieve the purpose, for which said data was collected.
5.3. In the event of the Service User or Customer expressing consent to the processing of data for the purpose of direct marketing of the Administrator’s own products or services, such consent can be revoked at any time.
5.4. In the event, where the Administrator intends to process or is processing the Service User’s or Customer’s data for the purposes of direct marketing of the Administrator’s own products or services, the person whom such data relates to is also authorized to (1) submit a written, motivated request to discontinue the processing of their data due to the person’s particular situation or to (2) submit an objection to the processing of their data.
6. FINAL PROVISIONS
6.2. The Administrator takes advantage of technical and organizational means which ensure protection of the processed personal data appropriate to the threats and categories of protected data, especially he secures data against their disclosure to unauthorized persons, take-over by an unauthorized person, processing in violation of currently applicable regulations, as well as change, loss, damage or destruction.
6.3. The Administrator correspondingly provides the following technical preventive measures against the acquisition and modification of electronically transmitted data by unauthorized persons:
6.3.1. Securing of the data base against unauthorized access.
6.3.2. Access to the Account only upon provision of the User’s individual login and password.