1. In order to fully respect your rights and abide by the Personal Data Protection Act, Kratki.pl Marek Bal hereby undertakes to maintain the security of information and the resulting confidentiality, integrity and accountability of the obtained personal data. All employees working in the organization, including the shop, have completed a set of trainings within the scope of personal data processing in accordance with the GDPR (General Data Protection Regulation).
2. Personal Data Controller - Kratki.pl Marek Bal, with its registered office in Wsola, at W. Gombrowicza 4, 26–660 Jedlińsk, telephone number: +48 48 389 99 00, email: email@example.com, NIP: 7961158007, REGON: 670814979, entered into the Business Activity Central Register and Information Record kept by the Minister in charge of the economy (hereinafter referred to as “Controller”).
3. For the purposes of describing the rules and regulations resulting from the Policy, we shall refer to you as “Users”. A User shall mean an entity on behalf of which, in accordance with the Regulations of the online shop https://kratki.com/sklep/ and the provisions of law, services can be rendered by electronic means or with whom a service agreement can be concluded by electronic means.
4. Can the Policy be changed and why? - The Controller can introduce changes to this Policy in the future, e.g. due to:
a) introduction of amendments to the existing laws, in particular within the scope of personal data protection, the telecommunication law, services which are rendered by electronic means or laws regulating the rights of consumers, influencing the rights and obligations of the Controller or the rights and obligations of the data subjects;
b) continuous development of electronic services caused by the progress made in the field of network technology, including application and development of new solutions, e.g. within the scope of their functionalities;
In order to introduce changes to the Policy, the Controller shall each time publish information on the changes made to the Policy (and cite the current edition and the effective date) on the website of the organization and the online shop.
The current, 3rd edition of the Policy has entered into force on 08.08.2020;
4. Reporting breaches to the DPO of Kratki.pl - in case of any questions, doubts or a need to report a complaint/breach, please send the information to the Data Protection Officer of Kratki.pl at: email: firstname.lastname@example.org (hereinafter referred to as “Data Protection Officer”).
5. Reporting personal data breaches to the supervisory body - a data subject can lodge a complaint to the President of the Polish Personal Data Protection Office.
6. Withdrawal of the consent - please remember that every data subject can withdraw the granted consent at any time. In order to do so, please send a relevant information to the Data Protection Officer at: email@example.com
7. The right to restrict processing - in the case where you have doubts with regard to the correctness and completeness of the personal data processing and question their correctness, you should send a notification at: firstname.lastname@example.org. The suspension of data processing shall be upheld for a period allowing the Controller to verify the correctness and completeness of said data.
8. The right to erasure (to be forgotten) - in the case where the obtained data are not necessary to implement the objectives, the consent which was the sole basis for processing was withdrawn, objection to the processing was raised, data were processed unlawfully or the obligation to erase is a result of the provisions of law, then you are entitled to demand erasure of all your personal data. Such report should be sent to the Data Protection Officer at: email@example.com
9. The right to data portability - you have the right to receive and/or send data to another Controller in the format which is publicly available and used by all domestic and EU bodies. Such report should be sent to the Data Protection Officer at: firstname.lastname@example.org
10. The right of access - upon a written request the Data Controller is obliged to transfer a copy of personal data undergoing processing. It is important to note that the first copy is issued free of charge. In the event of requesting subsequent copies, Kratki.pl Marek Bal can charge a handling fee in order to cover administrative costs associated with such actions.
11. The right to rectification - we make every effort in order for your data to be correct and complete. In the event where a deviation from those two rules is identified, you have the right to:
a) rectify the incorrect data;
b) complete the incomplete information.
Kratki.pl Marek Bal has adopted the principle of minimizing the obtained data depending on a specific purpose of processing.
All irregularities should be reported to the Data Protection Officer at: email@example.com
12. The conditions of granting consent by children under the age of 16 - in accordance with the GDPR, granting consent requires permission from a parent or a legal guardian if the child has not yet turned 16. Any transaction and/or actions undertaken and implemented without obtaining consent from a parent or legal guardian are devoid of legal validity.
13. Data transfers to third parties - the Controller protects your interests and in particular makes sure that the data are lawfully processed, collected for clearly indicated and lawful purposes and not further processed when it is incompatible with the presented purposes. The entity which files a request to the Controller or the Data Protection Officer to make the personal data available should each time indicate the legal basis which supports such request.
Otherwise, such request shall be instantly rejected. In the event where the legal basis is presented, it shall be analyzed and, in the case of determining a lack of legal basis, rejected. Recording of such actions shall be a part of the GDPR documentation of Kratki.pl
14. Transparency - we strive for our website, along with the information published therein and requests for consents, to be easily accessible, transparent and understandable and for the language used on the site to be simple and precise. In each case of collecting data, we point out the detailed purposes (specific, express and legally justified) of collecting your personal data. In the case where your impressions and observations are different, please send the Data Protection Officer any comments at: firstname.lastname@example.org
15. Data retention - we store the collected data for a period no longer than is necessary from the viewpoint of the purpose of processing and implementation of legal requirements (i.e. retaining data until the expiration of the limitation period for claims). Personal data can be retained for the period of using the shop and in the case of conducting marketing activities - until and objection is raised and/or if they are related to cookie technology, until such files are deleted via the setting of an internet browser.
In the case where the processing of personal data is subject to your consent, the data shall be processed until the consent is withdrawn. In each case:
a) personal data shall be stored when the provisions of law, e.g. accounting and tax provisions, oblige the Controller to process said data;
b) the Controller shall retain personal data no longer than is needed to secure any of your claims against the company in order to pursue claims by the Controller and in order to pursue or defend claims of third parties for the limitation period specified by the provisions of law, in particular the Polish Civil Code;
c) depending on the scope of personal data and the purposes of their processing, they can be retained for a different period, whereas the longer limitation period shall be decisive.
16. The right of access - please remember that you have the right to obtain information on the processing of personal data which concerns you within the scope of:
a) purpose of processing;
b) category of obtained data;
c) information on data recipients;
d) planned retention period for the data;
e) information on authorizations;
f) information on the right to complain;
g) source of data;
h) automated decision-making.
17. Making data available - Kratki.pl makes your data available to external providers which support our activities within the scope of:
a) marketing services;
b) implementation of promotional campaigns;
c) sending messages reminding about the products placed in the basket;
d) adjustment of content available on the website to your needs;
e) selection of the presented products, promotions and offers;
f) registration in our shop via websites of third parties;
g) implementation of personalized online advertising campaigns.
18. The legal basis allowing to process your personal data by Kratki.pl shall be:
The basis for the processing of your personal data is primarily the need to perform the agreement to which it is a party or the need to, upon request, conduct actions before its conclusion (Art. 6 section 1 letter b of the GDPR). It concerns mainly personal data provided in the form when registering an account on the site, placing orders and concluding a sale agreement, as well as signing for the newsletter. In the case of personal data provided to us in relation to a complaint, the legal basis for their processing is the necessity to perform/handle the sale agreement of the advertised products.
In the case of data processing operations for the aforementioned marketing purposes, with the exclusion of those which are implemented as part of the newsletter, which operates on the basis of the regulations, the basis for such processing shall be fulfillment of the purposes resulting from legally justified interests implemented by the Controller or its partners (Art. 6 section 1 letter f of the GDPR), whereas in such case the partners do not participate in the processing of your data. Sometimes, within the scope in which the partners of the Controller can also have direct access to such information, the legal basis of such processing is a voluntary consent expressed by you (Art. 6 section 1 letter a of the GDPR). On the other hand, the basis for presenting, creating, directing and implementing dedicated advertisements, offers or promotions (discounts), which are based solely on the automated processing, including profiling, tailored to personal preferences to the highest possible degree, which can in a significant manner influence your consumer decisions, is a voluntarily expressed consent (Art. 6 section 1 letter a, Art. 22 section 2 letter c of the GDPR). However, it concerns solely Customers of legal age.
In the remaining (other) purposes, your personal data can be processed on the basis of:
a) voluntarily expressed consent, e.g. persons participating in competitions (Art. 6 section 1 letter a of the GDPR);
b) applicable provisions of law - when the processing is necessary in order to comply with a legal obligation to which the Controller is the subject, e.g. when the Controller settles the concluded sale agreements on the basis of tax or accounting provisions (Art. 6 section 1 letter c of the GDPR);
c) necessity for purposes other than the ones mentioned above, resulting from legally justified interests implemented by the Controller or a third party, in particular in order to establish, investigate or defend claims, communicate with you, also via contact forms (including providing answers to your questions), and conduct market and statistical analyses (Art. 6 section 1 letter f of the GDPR).
19. The scope of data processing.
- First and last name - during the process of placing an order, you will be asked to provide your first and last name in order for us to send the order and be able to contact you;
- Address of residence or ship-to address - is needed in order to send you the ordered product;
- Number of the end device (telephone, smartphone, tablet, laptop etc.) - there are instances when we notify customers that the product was sent via a text message. Sometimes we also call customers in order to confirm the order or in the case of unforeseen events or force majeure events (random events), such as being temporarily out of stock (while at the same time offering a beneficial solution), an accident of the vehicle transporting a product or a power outage etc.
- Email address - we use emails to send the order and shipping confirmations and contact you. If you become a subscriber of our newsletter, we will send commercial messages once or twice a month.
- IP address - Internet connection information such as the IP address (and other information included in the system logs) is used by the Controller of the server for technical purposes. IP addresses may also be used for statistical purposes - to collect general statistical demographic information (e.g. about the region from which the connection originated).
- Cookies - our shop uses cookie technology in order to tailor the website to your individualized needs. You can grant your consent for the entered data to be remembered, which allows you skip the process of logging in when using the website during subsequent visits.
Cookies - IT data, small text files entered into and stored on devices through which the User uses the website of the Controller.
Device - an electronic device through which the User gains access to the website of the Controller.
2. Information collected on the basis of Cookies is used to properly optimize the website’s operation as well as for statistical and advertising purposes.
3. Cookies record the activity of the User of the website by recognizing the device, which allows for the website to be displayed in a way that is optimized to the User’s individual preferences.
4. The solutions used on the website are safe for the devices of Users accessing the Controller’s website. It is not possible for malware to be transferred to the Users’ Devices.
5. The Controller uses various types of Cookies:
(i) breakdown by the length of the retention period:
a) session Cookies: files stored on the User’s device until the relevant web browser session expires. Information stored is then permanently deleted from the memory of the Device. The session Cookies mechanism does not allow for downloading any personal data nor any confidential information from the User’s device.
b) persistent Cookies: files stored on the User’s device until the moment of their deletion. Ending a web browser session or turning off the Device does not result in their deletion from the device. The persistent Cookies mechanism does not allow for downloading any personal data nor any confidential information from the User’s device.
(ii) breakdown by the purpose for which they are used:
a) “necessary” Cookies allow the use of services available as part of the website, e.g. authentication Cookies used for services requiring authentication as part of the website;
b) “performance” Cookies allow to collect data on how the pages of the website are used;
c) “functionality” Cookies allow to “remember” User’s settings and to customize User’s interface, e.g. within the scope of the selected language or region, font size, design of the website, etc.;
d) “third party” Cookies allow to provide the Users with advertising content more tailored to their interests.
METHODS FOR THE DETERMINATION OF TERMS AND CONDITIONS FOR STORING OR GAINING ACCESS TO COOKIES
2. The User may change settings related to Cookies on their own and at any time, specifying the terms and conditions of their storage and access of Cookies to the User’s device. Changes to settings referred to above can be made by the User via the web browser settings or via service configuration. These settings may be changed, in particular, in such a way as to block the automatic handling of Cookies in the web browser's settings or to provide a notification whenever Cookies are placed on the User’s device. Detailed information on the possibility and methods of handling Cookies can be found in the software (web browser) settings.
3. The User may delete Cookies at any time using the available web browser functions.
5. The owners of other websites will not have access to such data, unless you grant your consent in a separate clause, which in justified purposes shall be made available to you.
- Profiling - occasionally, we process your personal data in such a manner, to use the obtained information to assess the shopping preferences in order to make it easier for you to make and/or plan purchases or effectively conduct the complaint procedure (personal preferences, interests, behavior, location or movements etc.). With the use of the cookie technology which is applied on our website, it is possible to learn the preferences of users through the use of statistics regarding the number of visits on our site or the most popular products. Customer behavior analysis helps our specialists to better understand your preferences and expectations, adjust our content to the needs and interests and therefore not only tailor advertisement to your liking but also select the best products which will suit your requirements. The collected information regards the IP address, the browser type and language used, the type of operational system, the Internet service provider, information on the time, date and location and information sent to the website via the contact form. In order to learn more, please contact us at: email@example.com.
For the purposes of displaying advertisements, presenting offers or promotions/discounts directed to all in a manner tailored to your needs, the Controller can acquaint itself with your preferences, for example through an analysis of the number of visits to the online shop, shopping preferences and other areas of interest within the scope of the offered products and solutions. It allows us to better understand your expectations and continually adjust to your needs and preferences, without significantly influencing your decision-making. The Controller uses advanced technologies thanks to which the aforementioned actions are performed by a system in an automated way. Application of such solution allows to transfer the most up-to-date content which is easily accessible.
In the case of persons over eighteen, the abovementioned analysis of interests is also used in the process of creation, direction and implementation of dedicated advertisements, offers or promotions tailored to your needs in an automated manner, which may produce legal effects or significantly influence you in a similar manner, potentially restricting access to it for other persons (option unavailable for persons who have not reached the age of eighteen and did not grant their consents for such actions by the Controller). Such actions are different from the ordinary “profiling” (that is adjusting messages and banners to match your preferences) in that their results may significantly influence the Consumer’s choices, that is, for example, their result may be an exclusive, very attractive and time sensitive offer of products or services directed solely at a dedicated group of persons on the basis of the history of their purchases or behaviors on our website. The more a given person uses the services of the Controller and purchases its products, the better the promotions and surprises can be prepared with that person in mind.
Pursuant to Article 21 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 Art. 6 section 1 letters e, f you have the right to object to profiling. Such information should be sent to the following email address firstname.lastname@example.org
20. What data should you provide and what are the consequences of failing to do so?
20.1 Data provision is necessary in the following cases:
a) making a purchase at our shop without logging on (having an account); after such order is placed, all there is left is a document confirming the made transaction.
b) registration at the Customer base is voluntary. We store data in our base in order to simplify future purchases in our online shop,
c) provided that you have granted your consent (signed to a newsletter), the email address that you have provided will be used for marketing purposes of kratki.com own products. The consent can be withdrawn at any time, e.g. through sending a message via email with the relevant information to the Data Protection Officer at email@example.com.
d) provision of your personal data in the online shop is voluntary and at the same time necessary in order to make use of specific functionalities provided by Kratki.pl, that is, placing and settling an order (conclusion and performance of the sale agreement), account registration, signing to the newsletter or using forms available on the website,
e) each time the scope of the data necessary to conclude an agreement is provided in the online shop, directly at the Seller (stationary sales) or via other communication channels, indicated in the Regulations https://kratki.com/sklep/en/3/terms-and-conditions-of-the-online-shop-https-kratki-com-sklep-en. The consequence of not providing the required personal data may be an inability to effectively perform the aforementioned actions.
f) each of you is free to decide whether and to what extent you want to make use of the offered services and make personal information available. If, for any reasons, you do not wish to leave your personal data, you are entitled to delete them or not to use the services of our shop.
20.2. No information is provided to third parties which are not in any way connected to the implementation of the purpose for which the consent was obtained. We also do not store confidential and sensitive data, such as access data to your bank account.
20.3. Pursuant to the provisions of the Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), you are entitled to rectify, amend, update and correct your personal data or demand their erasure. In order to do so, you can use the correct tabs in the online shop or send a message via email at firstname.lastname@example.org
20.4. The online shop Kratki.pl is a participant of the program “Trusted Reviews” as part of the service rendered by Ceneo Sp. z o.o. with its registered office in Poznań (60-166) at. ul. Grunwaldzka 182, entered into the Register of Entrepreneurs kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, VIII Commercial Division of the NCR, under KRS number: 0000493884, NIP: 7792420393, REGON: 302655470, based on sending questionnaires via electronic mail by Ceneo to the Users who have granted their consent, for the purpose of obtaining feedback from Users regarding transactions made in the shop and also posting their reviews, which were obtained as a result of the receipt of the questionnaires, at Ceneo.pl.
20.5. A User making purchases in the shop can freely express his or her consent for transfer of his or her personal data, including the email address, to Ceneo and for Ceneo to process his or her personal data, solely for the purpose of filling in the questionnaire referred to in point 9. The consent granted enabling Ceneo to send the questionnaires and post reviews obtained as a result of the questionnaires at Ceneo.pl and transfer of personal data, including the email address, can be at any time withdrawn by sending a message with a relevant information via email to the Data Protection Officer at: email@example.com.
Issue No. 02 from January 14, 2019