In connection with the obligation to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on its free movement, repealing Directive 95/46 / EC ( General Data Protection Regulation “GDPR”), Adam Kowalski, who is the Administrator of your Personal Data, informs about the rules of processing your personal data and about your rights in this respect.
I. Administrator of personal data
- The Administrator of personal data collected through www.gold-design.pl is Adam Kowalski conducting business activity GOLD DESIGN Adam Kowalski, based in Przyszowice 44-178, ul. Makoszowska 26, entered in the Central Registration and Information on Business of the Republic of Poland, VAT EU: PL9691564826, REGON: 363383215, hereinafter referred to as gold-design.pl ,Seller or Administrator.
Moreover, in the light of the applicable law, Trusted Partners may also be administrators of your data within the scope of particular Services.
II. Contact in matters related to the processing of personal data
-
E-mail: iod(at)gold-design.pl
We would like to emphasize that we collect and process only the necessary data and you can ask to delete it at any time.
III. Data origin
-
Personal data is collected only in regard to the activity at gold-design.pl website. In particular, by registering a user account, through newsletter, pop-up, subscription, e-mail contact, through the form, etc.
IV. The purpose of processing personal data
The purpose of data processing is the conclusion and performance of the contract to which you are a party. We process your data because it is necessary to perform the Agreement concluded between us, including the following purposes:
- Implementation of the Agreement , legal basis for data processing is Art. 6 clause 1 lit. b GDPR. The Agreement is concluded as a result of accepting our Regulations and placing an order with GOLD DESIGN Adam Kowalski, ul. Makoszowska 26, 44-178 Przyszowice.
- Implementation of the obligations incumbent on the Administrator (when placing an order by email or making a purchase at the online store) where the legal basis is Art. 6 clause 1 lit. c GDPR:
- issuing and storing invoices and accounting documents;
- answering complaints within the time limit and in the form provided for by law.
- Implementation of the Administrator’s legitimate interests, legal basis is Art. 6 clause 1 lit. f GDPR, and these are the following activities:
- marketing of own products and services (direct marketing); informing about your own products or services, changes in the scope and manner of their provision (in this case, the legal basis is art.6 par.1 lit.f) GDPR, i.e. our legitimate interest);
- analytical activities (selection of services to your needs, optimization of our products based on your comments and interests, optimization of service processes, etc.);
- for archival (evidentiary) purposes which are the realization of our legitimate interest in securing information in the event of the need to demonstrate proper operation;
- possible determination, investigation or defence against claims; (the legal basis is Art.6 para. 1 lit.f) GDPR, i.e. our legitimate interest);
- conducting settlements with clients (the legal basis is art.6 par.1 lit.c) GDPR, i.e. compliance with the law),
- customer satisfaction surveys and quality improvement as well as customer satisfaction with the services we provide and products’ sale;
We will also process your data for the purposes of this Privacy Policy:
- to inform you about our products or services, changes in the scope and manner in which they are provided (in this case the legal basis is Article 6(1)(f) of the RODO, i.e. our legitimate interest),
- to assert our rights and protect ourselves against claims (the legal basis is Article 6(1)(f) RODO, i.e. our legitimate interest),
- to conduct customer settlements (the legal basis is Article 6(1)(c) RODO, i.e. compliance with the law),
- to perform obligations related to public order (the legal basis is Article 6(1)(c) RODO, i.e. compliance with the provisions of law).
In case of consent to the processing of personal data, this consent will be the basis for the processing of data (Article 6(1)(a) RODO), and the content of this consent will each time determine the purpose of the processing. Consent to the processing of personal data may be withdrawn at any time.
In other cases, your data will only be processed on the basis of a prior consent (e.g. in particular for the purpose of marketing products and services), to the extent and for the purpose specified therein.
The provision of data is voluntary, but is necessary for the conclusion and performance of the contract.
V. Right to object
- You have the right to object the processing of your data on the basis of a legitimate interest as mentioned above points IV. paragraph 3 (2) to (6) at any time. We will stop processing your Data for these purposes unless there are legitimate grounds for doing so which make it impossible to stop processing or unless it is necessary to establish, enforce or defend a claim.
- You have the right to object the processing of data for the purposes of direct marketing at any time.
VI. Duration of data retention
- Your personal data shall be kept for no longer than is necessary for the purposes of data procession.
- Your personal data will be processed during the term of the contract, and after its completion in the period of claim (according to the Civil Code, the general period of limitation of claims is 10 years, and for claims for periodic and business-related services – 3 years). We will keep your tax records for up to 6 years after the end of the service. If you give consent to the processing of your data for marketing purposes, the purpose of processing your personal data can not be terminated within a specific period of time, your data will be processed until you withdraw your consent or raise an objection by the data subject.
- Data processed for the purposes of direct marketing of our products and services may be processed until you object its’ processing or until the administrator considers it to be out of date.
VII. Recipients of the data
- Your personal data may be disclosed to: public authorities and entities performing public tasks or acting on behalf of public authorities, for the purposes set out in the law.
VIII. Rights of the data subject
According to the RODO, you are entitled to:
- the right to correct your data;
- the right to access your data and to receive a copy of it;
- the right to delete, limit the data procession;
- the right to object the data procession;
- the right to data portability;
- the right to lodge a complaint to the supervisory authority (President of the Office for the Protection of Personal Data).
Since processing of personal data is based on consent, the person who gave the consent has the right to withdraw the consent. Consent withdrawal shall not affect the lawfulness of the processing performed before its withdrawal. In case of using personal data by the company for marketing purposes of products and services of the company, there is a possibility of withdrawal of consent by e-mail – the contact given below in matters of personal data processing, or by clicking the unsubscribe button in each newsletter sent by us.
For information, requests and claims regarding your personal data, please contact us: iod@gold-design.pl
IX. Do we transfer your data to countries outside the European Economic Area?
- We do not currently transfer your Personal Data outside the European Economic Area. Should this be the case in the future, however, the processing will be carried out using standard contractual clauses approved by the European Commission to ensure an adequate level of data protection as required by law. We try to minimize the processing of your personal data only to the extent that it is required for the performance of our cooperation. In the case of a contract concluded by a contractor (entrepreneur or consumer), the provision of data is voluntary, but failure to provide such data can impede the performance of the contract, tax settlements, etc. Your personal data is processed on a voluntary basis.
- Your data is not subject to automated decision making in this profiling.
X. How do we guarantee the security of your data?
- We have implemented an internal security procedure that includes blocking access to your data for people who do not need it for the purpose of our cooperation. This block means personalized access passwords to computers and e-mail.
- All information provided by Users is protected by the latest technology, in accordance with applicable legal standards, security requirements and confidentiality rules. All data from your computer is sent to the service using Secure Sockets Layer (SSL) protocol and is automatically encrypted.
XI. Data recipients at the online store
- For the proper functioning of the Online Store, including the performance of concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as software providers, couriers or payment service providers). The Administrator uses only the services of such processing entities, which provide sufficient guarantees of implementation of appropriate technical and organizational measures so that the processing meets the requirements of the RODO Regulation and protects the rights of data subjects.
- Transfer of data by the Administrator does not take place in every case and does not apply to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers the data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it. For example, if the Customer uses personal collection, his data will not be transferred to a carrier cooperating with the Administrator.
- Personal data of the recipients and customers of the Online Store may be transferred to the following recipients or categories of recipients:
- carriers / forwarders / courier brokers – in the case of a Customer who uses the method of delivery of a Product at the Online Store by mail or courier mail, the Administrator shall make the collected personal data of the Customer available to a selected carrier, forwarder or intermediary carrying out shipments for him/her at the Administrator’s request to the extent necessary to carry out the delivery of the Product to the Customer.
- entities handling electronic payments or payment card – in the case of a Customer who uses the method of electronic payment or payment card paying at Online Store, the Administrator shall make the collected personal data of the Customer available to a selected entity handling the above payments at the Online store at the request of the Administrator to the extent necessary to handle the payment made by the Customer.
- service providers providing the Administrator with technical, IT and organizational solutions, enabling the Administrator to conduct business activity, including the Internet Shop and Electronic Services provided through it (in particular, the provider of computer software for running the Internet Shop, e-mail and hosting providers and software providers for managing the company and providing technical assistance to the Administrator) – the Administrator shall make the collected personal data of the Customer available to a selected supplier acting on its behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with this privacy policy.
XII. Profiling at the online store
- The VWP Regulation imposes an obligation on the controller to inform on the automated decision making, including profiling referred to in Article 22 paragraph 1 and 4 of the VWP Regulation, and – at least in these cases – relevant information about the rules of making such decisions, as well as about the significance and expected consequences of such processing for the data subject. With this in mind, the Administrator provides, in this point of the privacy policy, information on possible profiling.
- The Administrator may use profiling at the Online Store for direct marketing purposes, but the decisions taken by the Administrator on its basis shall not concern the conclusion or refusal to conclude a Sales Agreement or the possibility to use Electronic Service of the Online store. The effect of using profiling at the Online Shop may be, for example, granting a given person a discount, sending a discount code, a reminder of unfinished purchases, sending a product proposal which may correspond to the interests or preferences of the given person or offering better conditions compared to the standard offer of the Online Shop. In spite of profiling, a given person will decide whether he or she wants to take advantage of the resulting discount or better conditions and make a purchase in the Online Shop.
- Profiling at the Online Store lies in automatic analysis or forecasting of a person on the Online Store’s website, e.g. by adding a specific Product to the basket, browsing the page of a specific Product at the Online Store or by analysing the history of purchases made at the Online Store. The condition for such profiling is for the Administrator to have the personal data of the related person, in order to be able to send e.g. a discount code.
- The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and produces legal effects on the person or in a similar way significantly affects him/her.
XIII. Cookies of the Online shop, performance data and analysts
- Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website of the Online Shop (e.g. on the hard drive of a computer, laptop or on the memory card of a smartphone – depending on which device the visitor uses). Detailed information about Cookies files, as well as their history can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.
- The Administrator may process the data contained in the Cookies files when visitors use the website of the Internet Shop for the following purposes:
- Identification of Customers as logged in to the Online Shop and showing that they are logged in;
- Saving the Products added to the basket in order to place an Order;
- Saving data from completed Order Forms, questionnaires or login data at the Online store;
- Adjusting the content of the Online store’s website to the Customer’s individual preferences (e.g. concerning colours, font size, page layout) and optimising the use of the Online store’s pages;
- Keeping anonymous statistics showing how the Online store’s website is used;
- Remarketing, i.e. researching the behavioural characteristics of the visitors of the Online store through an anonymous analysis of their actions (e.g. repeated visits of the specific pages, keywords, etc.) in order to create their profile and provide them with advertisements related to their anticipated interests, also when they visit other websites in the advertising network of Google Inc., Youtube and Facebook Ireland Ltd;
- Most web browsers accept cookies by default. Everyone has the option to determine the terms and conditions of cookies, using their own web browser settings. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the possibility of cookies saving – in the last case, however, this may affect some of the functionality of the Online store (for example, it may not be possible to pass the Order path through the Order Form due to the fact that the Products are not stored in the shopping cart during the subsequent steps of placing an Order).
- The settings of your web browser for cookies are important from the point of view of your consent to the use of cookies by our Online Store – in accordance with the regulations, such consent may also be given through the settings of your web browser. In the absence of such consent, the settings of your web browser for cookies should be changed accordingly.
- Detailed information on changing the settings for cookies and their independent deletion in the most popular web browsers are available in the help section of your browser and on the following pages (just click on the link):
- The Administrator may use Google Analytics, Universal Analytics services provided by Google Inc. in the Webshop. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These services help the Administrator analyze the traffic in the Webshop. The collected data is processed within the framework of the above services in an anonymized manner (so-called exploitative data, which makes it impossible to identify a person) to generate statistics helpful in the administration of the Webshop. This data is anonymous, i.e. it does not contain identification features (personal data) of the persons visiting the website of the Online store. The Administrator using the above services of the Online store collects such data as source of obtaining visitors of the Online store, to get to know the manner of behaviour at the website of the Online store, information on the devices and browsers from which the site is entered, IP and domain, geographical data and demographic data (age, gender) and interests.
- It is possible for an individual to easily block the provision of Google Analytics information about his or her activity at the Online Shop’s website – for this purpose you can install the browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=en.
- The Administrator may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) at the Online Shop. This service helps the Administrator to measure the effectiveness of advertisements and to find out what actions are taken by visitors of the store.
- Managing the operation of Facebook Pixel is possible through the ads settings at your personal Facebook account Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
XIV. Embedded content from other sites
Articles on this site may contain embedded content (e.g. films, images, articles, etc.). Embedded content from other sites is the analogy of the user’s visiting of those sites directly.
The sites may collect information about you, use cookies, include additional external tracking systems and monitor your interaction with the embedding material, including tracking your interaction with the embedding material if you have an account and are logged in to that site.