§ 1 General Provisions
- This privacy policy outlines the principles of processing and protecting the personal data of customers purchasing products from: Barbara Grzegorzewska Visuals at 31-416 Kraków, Sabały 44, NIP 6371919290.
- This privacy policy fulfills the information obligation imposed on the Administrator in accordance with Article 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).
- I care about your privacy. I collect and process data only when it is necessary.
§ 2 Data Controller
- The data controller is Barbara Grzegorzewska, conducting business under Barbara Grzegorzewska Visuals at 31-416 Kraków, Sabały 44, NIP 6371919290. The controller can be contacted via email at: barbaragrzeg@gmail.com or by mail at: 31-416 Kraków, Sabały 44.
§ 3 Principles of Personal Data Processing
- The Administrator processes the personal data of Customers and subscribers in accordance with GDPR regulations.
- The Administrator applies the technical and organizational measures required by EU law to ensure the protection of personal data processing against unauthorized access, acquisition by unauthorized persons, processing in violation of the law, and alteration, loss, or destruction.
- The Administrator states that providing data by customers for order fulfillment purposes is voluntary but necessary to use the functionalities, including placing and fulfilling orders.
§ 4 Purposes and Legal Basis for Personal Data Processing
Customer data is processed by the Administrator for the following purposes:
- Order fulfillment at: Barbara Grzegorzewska Visuals, 31-416 Kraków, Sabały 44, NIP 6371919290. (Article 6(1)(b) GDPR).
- Direct marketing of own services and products, which is a legitimate interest of the Administrator (Article 6(1)(f) GDPR).
- Archival (evidence) purposes in case of a legal need to demonstrate facts, which is a legitimate interest of the Administrator (Article 6(1)(f) GDPR).
- Potential determination, pursuit, or defense against claims, which is a legitimate interest of the Administrator (Article 6(1)(f) GDPR).
- Compliance with legal and tax obligations (Article 6(1)(c) GDPR).
- Managing a social media account on Facebook and actively participating in sales groups on Facebook for marketing purposes. Data is processed to publish posts on the fan page and Instagram profile, conduct discussions in comments under social media posts, respond to private messages, inform about activities, and for statistical purposes (Article 6(1)(f) GDPR).
- Communication with Customers (and potential customers), including responding to inquiries. Communication occurs via email and Messenger (an application linked to a Facebook account) (Article 6(1)(f) GDPR).
§ 5 Transfer of Data to Third Countries or International Organizations
We do not transfer your data outside Poland, the European Union, and the European Economic Area.
§ 6 Data Retention Period
Customer data is stored for the following period:
- Data related to order fulfillment: for 5 years from the end of the year in which the sale was made unless further storage is justified by the limitation period for claims.
- Data related to marketing activities: until an objection is raised.
- Archival purposes: for the period necessary to achieve this purpose.
- For determination, pursuit, or defense against claims: for the period necessary to achieve this purpose.
- Compliance with legal or tax obligations: until the expiration of the tax obligation.
- Managing a fan page on Facebook and an Instagram profile: for the period necessary to achieve this purpose.
- Communication via messages: for the period necessary to achieve this purpose (until the correspondence ends or the business purpose of the message exchange ceases).
- Data related to maintaining a customer account: for the period of its maintenance in the online store and no longer than until the customer requests its deletion.
§ 7 Categories of Personal Data
The Administrator collects, processes, and stores the following customer data:
- In connection with placing an order: name, surname, phone number, email address, bank account number. For entrepreneurs, also the company name and NIP.
- In connection with marketing on sales groups on Facebook, the data processed includes those published on the user’s profile, particularly name, surname, and nickname.
- In other cases, the Administrator processes the data necessary to achieve the specific purpose.
§ 8 Data Sharing
- Customer personal data may be transferred to entities with whom the Administrator contracts for personal data processing and to entities authorized to obtain personal data based on legal regulations.
- For the purpose of fulfilling the sales contract, the Administrator shares customer personal data with entities providing:
- email services: gmail.com,
postal services, - accounting services,
- hosting services: zenbox.pl
- newsletter services: mailerlite.com,
IT services, - invoicing services,
- marketing services for fan page management.
- email services: gmail.com,
§ 9 Customer Rights
- Customers have the right to access their data and request its rectification, deletion, or restriction of processing. Insofar as the basis for data processing is the legitimate interest of the Administrator, customers have the right to object to the processing of their personal data.
- Insofar as the basis for data processing is customer consent, the customer has the right to withdraw consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- Insofar as customer data is processed for the purpose of concluding and performing a contract or based on consent, the customer also has the right to data portability, i.e., to receive from the Administrator personal data in a structured, commonly used, machine-readable format. The customer can transfer these data to another data controller.
- The customer has the right to lodge a complaint with the supervisory authority dealing with personal data protection, i.e., a complaint to the President of the Personal Data Protection Office. Any indications of data leakage or improper use can first be reported to the Administrator by email: barbaragrzeg@gmail.com.
§ 10 Final Information
- For matters not regulated by this Privacy Policy, the relevant provisions of Polish law and GDPR apply.
- When using the option to add ads in sales groups on Facebook, the Administrator collects and stores certain information automatically. Facebook Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, provides information about post views, reach, number of interactions, or demographic data of our followers. This information is statistical. Statistics are created based on observations made by Facebook Ireland Limited regarding the behavior of Facebook users.
Cookies Policy
- The store uses cookies that are stored on the client’s computer/multimedia device used to connect.
- Cookies provide IT data about the use of the Store. They usually contain the name of the website they come from, the time they are stored on the terminal device, and a unique number.
- Cookies are used for the following purposes:
- Recognizing the device used by the client to properly display the website content.
- Creating statistics that help understand how clients use websites, which enables improving their structure and content.
- Maintaining the session of the online store client, so the client does not have to re-enter login and password on each subpage of the online store.
- Adjusting the content and functioning of the online store through an anonymous randomly generated tracking identifier, which allows checking, among other things, the origin of the client, the search engine used, the link clicked, the keywords entered, and the moment when the client stopped using the online store.
- Cookies are used only with the client’s consent.
- The client can restrict or disable the option of accepting cookies in their browser at any time. Detailed information on this topic is contained in the help or documentation of the web browser. In such a case, using the Store may be difficult or completely blocked.