Dear Customer/User
We care about your privacy and want you to feel comfortable and safe when using our services, which is why we have prepared a document from which you will receive detailed information regarding the processing of your personal data.</p >
§ 1
Introduction
- This privacy policy sets out the rules for the processing and protection of personal data of Users and Customers of the online store (including potential Customers) using the online store available at the Internet address: www.justforpets.eu, hereinafter referred to as the store. The document describes primarily the basis, purposes, scope of personal data processing, indicates the entities to which the data is entrusted, and also contains information on cookies and analytical tools used within the online store.
- Words and expressions used in the definitions of the regulations and starting with a capital letter are used in this document and have the meaning given to them in the regulations of the online store, which is available on the store’s website.
- The controller of personal data collected via the online store, within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of April 27, 2016 (OJ EU L No. 119, p. 1), hereinafter referred to as GDPR (here you can read the content of the regulation http: //eur-lex.europa.eu/legal content/PL/TXT/?uri=CELEX%3A32016R0679), is Ewelina Stasik-Makowska running a business Just We Ewelina Stasik-Makowska, Armii Krajowej 99, 63-600 Kępno, NIP : 6191927342, REGON: 302098146, contact telephone number: + 48 664290291, e-mail: mail: info@justforpets.eu, hereinafter referred to as the Seller.
- Users’ personal data are processed in accordance with the provisions on the protection of personal data and the Act of July 18, 2002 on the provision of electronic services (Journal of Laws 2002, No. 144, item 1204, as amended).</li >
- The Personal Data Administrator declares that the privacy policy has an informative role, which means that it is not a source of obligations for Users and Customers of the online store. Its purpose is to define the activities undertaken by the Administrator and to describe the services, tools and functionalities related to the online store that are used by the online store’s customers, e.g. to register an account, place an order, use the contact form, subscribe to the newsletter or other activities undertaken as part of online store.
§ 2
General information
- The administrator of the online store makes every effort to protect the privacy of Users and Customers of the online store and all data and information obtained from them. With due care, it selects and applies technical protection measures, both programming and organizational, thus ensuring complete protection against their access, disclosure, loss, destruction, unauthorized modification or processing in violation of applicable law.
- The Administrator informs that the online store uses a transmission protocol that ensures the security of data transmission on the Internet, namely it has the SSL (Secure Socket Layer) protocol installed. This is a type of security that involves encoding data before sending it from the customer’s browser and decoding it after it safely reaches the store’s server. The information sent from the server to the client is also encoded and decoded after reaching the destination.
- Data collected by the Administrator is processed in accordance with the law, respecting the principles of reliability and transparency, is collected to the minimum extent necessary for the specified purposes and processed in accordance with them, is not subject to further processing inconsistent with these purposes, is adequate and substantively correct in relation to destination and stored in a way that allows identification of data subjects. The data storage period depends on the purpose of processing and is limited to the moment the intended purpose is achieved.
- The administrator of the online store has access to the data under the terms specified in the regulations and the privacy policy, but may entrust Customers’ personal data to external entities cooperating with the Administrator. Such entrustment is possible only on the basis of appropriate personal data entrustment agreements concluded between the Administrator and the processing entity. The contracts contain a provision specifying the scope and conditions of processing personal data necessary to provide the services. The Administrator declares that it cooperates only with entities that guarantee the security of personal data processing processes by implementing security measures that meet the requirements specified in the GDPR.
- The Administrator has the right, as well as a statutory obligation, to provide information regarding the online store’s Customers to public authorities, e.g. in connection with conducting proceedings regarding possible violations of law, or to third parties who submit such a request under applicable Polish law.</li >
- The use of services and tools made available in the online store, as well as providing personal data by the User, is voluntary. However, providing them may be necessary to conclude and perform a sales contract or a contract for the provision of electronic services in the online store, and their absence will prevent the conclusion of such a contract. The scope of data necessary to conclude a contract is indicated on the online store website and in the online store regulations.
- The customer using the services and tools made available within the online store confirms that he or she has read the provisions of this privacy policy and the regulations of the online store, and at the same time consents (if necessary) to the use of his or her personal data in accordance with these provisions by checking the appropriate checkboxes posted on the online store website (the content of the checkboxes determines the purpose for which the personal data provided will be used).
§ 3
Recipients of personal data of the online store
- In order to ensure the proper operation of the online store, including the implementation of concluded sales contracts, the Administrator uses the services of external entities. The administrator provides data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
- Examples of recipients of personal data of online store customers are:
- carriers, intermediaries, forwarders in a situation where the customer making a purchase in the online store chooses the delivery method by courier,
- entities handling electronic or payment card payments – the Administrator entrusts the User’s personal data to the entity handling a given payment to the extent necessary to provide the service,
- entities operating the functionalities of the Online Store.
- Data recipients (external entities) process personal data on the basis of appropriate entrustment agreements signed with the Administrator of the online store. These entities collect, process and store personal data in accordance with their regulations and privacy policies.
- Processing of personal data of Service Recipients and Customers of the “justforpets.eu” online store
The administrator entrusts the following entities:
- a) PROADAX– in order to store data on the server on which the online store is installed, in order to provide IT support for the online store, in order to manage the store, in order to position the Online Store,
- b) courier companies.
§ 4
Acquisition, collection purposes, scope and processing activities
- The Administrator obtains information about Users, among others: by collecting server logs, IP addresses, software and hardware parameters, pages viewed, mobile device identification number and other data regarding devices and system use. The above information will be collected in connection with the use of the online store. These data are not used by the Administrator to identify the User/Customer.
- Navigational data may also be collected from Customers, including information about links and references or other activities undertaken in the online store, to facilitate the use of services provided electronically and to improve the functionality of these services.
- The Administrator reserves the right to filter and block messages sent through the internal messaging system, in particular if they are spam, contain prohibited content or otherwise threaten the security of online store Users.
- As part of the online store, the Administrator processes Customers’ personal data for the following purposes:
- taking actions before concluding the contract at the request of the Customer; guaranteeing full service for the Store User, including setting up and managing an account/accounts, contacting Users in response to inquiries sent via the contact form, contacting Users via e-mail in response to submitted inquiries,
- browsing the online store’s websites, using the product search engine, monitoring the activity of all and specific Users,
- performance of a sales contract or contract for the provision of services by electronic means,
- keeping statistics on the use of individual functionalities available in the online store, facilitating the use of the online store and ensuring the IT security of the online store,
- determining, pursuing and enforcing claims and defending against claims in court proceedings and other enforcement bodies,
- considering complaints, grievances and requests, as well as answering questions.
- The Administrator informs that it collects, processes and stores the following customer data: name and surname, e-mail address (e-mail address), contact telephone number for the courier to contact the customer and deliver the order, delivery address of the goods (street, number house, apartment number, postal code, city), residence/business/registered address (if different from the delivery address). In the case of Service Recipients or Customers who are not Consumers, the Administrator may additionally process such data as: the name of the Company and the tax identification number (NIP) of the Service Recipient or Customer.
- Personal data collected for the purposes indicated in the privacy policy will be stored for the period of provision of services (including electronic services and shipment of goods) provided by the Administrator and for the period resulting from the limitation periods for claims, tax law provisions, Consumer rights and other rights in this regard.
CUSTOMER CONTACT
- The basis for data processing in connection with customer service, which includes contact with the customer in order to answer the inquiry sent via e-mail or contact form, is Art. 6 section 1 letter a GDPR, i.e. consent to processing. If a contract is concluded after contact, the data will be processed pursuant to Article 6(1)(b) of the GDPR. The legal basis for processing after the possible termination of contact will be the justified purpose of archiving correspondence for the purpose of demonstrating its course in the future (pursuant to Article 6(1)(f) of the GDPR).
ACCOUNT REGISTRATION
- The data of the User who registers in the online store by creating an account will be collected on the basis of consent to processing (Article 6(1)(a) of the GDPR). When the User decides to conclude a contract, the data will be processed pursuant to Art. 6 section 1 letter b GDPR. Additionally, in accordance with Art. 6 section 1 letter f GDPR – processing is necessary for the purposes of the legitimate interests pursued by the administrator.
- You can create an account by completing the registration form and providing basic personal data, i.e. e-mail address, etc., as well as a password consisting of the type of characters and their number consistent with the instructions. Creating an account is free of charge and requires the User’s consent to provide data and confirmation of reading the store’s privacy policy.
Providing data is voluntary, failure to provide data will result in the inability to create an account.
ORDER PROCESSING
- When placing an order in the online store, the Customer provides personal data that is used to perform the contract, i.e. in connection with the execution of the order (Article 6(1)(b) of the GDPR), issuing an invoice and performing other activities related to the provisions of tax law (Article 6(1)(c)). For archival and statistical purposes, data will be processed on the basis of the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).
- The basis for data processing in order to establish, pursue or defend claims that may be raised by the Administrator or that may be raised against the Administrator is Art. 6 section 1 letter f GDPR.
- Order data will be processed for the time necessary to complete the order and then until the limitation period for claims under the concluded contract expires. Moreover, after this deadline, the data may still be processed for statistical purposes. Providing data is necessary to perform the contract.
NEWSLETTER
- The newsletter service is available as part of the functionality on the online store’s website. The data provided in connection with subscribing to the newsletter is used only to send the newsletter, based on the expressed consent (pursuant to Article 6(1)(a) of the GDPR). The legal basis for processing after the possible completion of contact and sending the newsletter will be the justified purpose of archiving correspondence for the purpose of demonstrating its course in the future (pursuant to Article 6(1)(f) of the GDPR).
- Voluntary consent to sending a newsletter or commercial information may be withdrawn at any time at the request of the Customer/User, which will be sent via e-mail. The Administrator, after receiving such a request, immediately, no later than within 48 hours from receiving information about the withdrawal of consent, deletes the Customer/User’s data from the contact database used to transmit commercial information electronically.
- As part of the newsletter service, you can correct your data saved in the database at any time, request their removal, unsubscribe from receiving the newsletter, and exercise the right to transfer data referred to in Art. 20 GDPR.
CONTACT FORM
- As part of the functionality of the online store, the Administrator provides the opportunity to contact him using an interactive form. Using the form requires providing personal data necessary to contact the User and answer the questions contained in the form. The user may also provide other data to facilitate contact or ordering a service. Providing data marked as mandatory is required to process the inquiry and/or accept the order, and failure to provide it may result in the inability to process it. Providing other data is voluntary.
- The basis for data processing in connection with the use of the contact form is Art. 6 section 1 letter a GDPR, i.e. consent to processing.
- In order to identify the sender and handle his inquiry sent via the form provided – the legal basis for processing is the necessity of processing to perform the contract for the provision of a service (Article 6(1)(b) of the GDPR).
- The legal basis for processing after the possible termination of contact will be the justified purpose of archiving correspondence for the purpose of demonstrating its course in the future (pursuant to Article 6(1)(f) of the GDPR).
§ 5
Rights of data subjects The GDPR gives Customers/Users the following rights, the list of which is provided below. They are available without giving a reason, but they are not absolute and will not apply to all activities related to the processing of personal data. If the Customer/User wants to exercise any of his rights, he may at any time send a declaration of will to the e-mail address of the online store or the address of the Administrator’s registered office.
- The right to access data pursuant to Art. 15 GDPR. The Customer/User may at any time contact the Administrator to confirm whether his or her data is being processed, and if this is the case, the Customer has the right to:
- to obtain access to personal data,
- to receive information about the purposes of processing, categories of personal data processed, about the recipients or categories of recipients of this data, the planned period of storage of the Customer/User’s data or about the criteria for determining this period (when it is not possible to determine the planned period of data processing), about the rights what the Customer/User is entitled to under the GDPR (when it is not possible to determine the planned data processing period), about the Customer’s rights under the GDPR and the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling and about the safeguards used in connection with the transfer of this data outside the European Union,
- to obtain a copy of your personal data.
- The right to rectify data pursuant to Art. 16 GDPR. The Customer/User has the right to request the Administrator to immediately correct his or her personal data that is incorrect. You also have the right to request that your personal data be supplemented. To correct or supplement your personal data, please send information to the e-mail address of the online store.
III. The right to delete data (“right to be forgotten”) – implemented pursuant to Art.
17 GDPR.
- a) The Customer/User may request the Administrator to delete all or some of his/her data,
- b) The Customer/User has the right to request the deletion of his or her personal data when:
- personal data are no longer necessary in relation to the purposes for which they were collected or processed,
- withdrawn specific consent, to the extent that personal data were processed based on the Customer/User’s consent,
- has objected to the use of his/her data for marketing purposes,
- personal data were processed unlawfully,
- personal data must be deleted in order to comply with a legal obligation provided for by Union law or the law of the Member State to which the Controller is subject
- personal data were collected in connection with offering information society services,
- c) despite the Customer/User requesting the deletion of personal data in connection with raising an objection or withdrawing consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to fulfill a legal obligation requiring processing under EU law or the law of a Member State to which the Controller is subject
- d) deletion of personal data or cessation of their processing by the Administrator may result in the inability to provide services provided via the online store or limitation of the ability to use the functionality of the online store.
- Consent to the processing of personal data and the right to withdraw consent implemented pursuant to Art. 7. section 3 GDPR.
- a) By accepting the declarations placed by the Administrator in the interactive form available on the online store website, the Customer/User consents to the processing of his/her data for specific purposes,
- b) The Customer/User has the opportunity to consent to the processing of his/her data for additional purposes by accepting optional declarations proposed in the forms available on the online store’s website,
- c) The Customer has the right to withdraw any consent given to the Administrator, withdrawal of consent will take effect from the moment of withdrawal of consent,
- d) withdrawal of consent will not result in any negative consequences for the Customer, but may prevent further use of services or functionalities that, in accordance with the law, the Administrator can only provide with consent,
- e) withdrawal of consent does not affect the processing of personal data carried out by the Administrator in accordance with the law before its withdrawal.
- The right to object to data processing pursuant to Art. 21 GDPR.
- a) The Customer/User has the right to object at any time for reasons related to his/her special situation to the processing of his/her personal data, including profiling, if the Administrator processes personal data based on a legitimate interest,
- b) resignation from receiving marketing information regarding products and services sent by the Customer/User in the form of an e-mail means the Customer/User’s objection to the processing of his/her data, including profiling for these purposes,
- c) if the Administrator has no other legal basis allowing the processing of the Customer/User’s data and the objection turns out to be justified, the personal data to which the objection was raised will be deleted.
- The right to request restriction of personal data processing pursuant to Art. 18 GDPR. The Customer/User has the right to request the limitation of their personal data when:
- a) questions the accuracy of your personal data – the Personal Data Controller will limit the processing of personal data for a period of time enabling the accuracy of these data to be checked,
- b) the processing of the Customer/User’s personal data is unlawful, and instead of deleting the personal data, the Customer/User requests the restriction of the processing of their personal data,
- c) the Customer/User’s personal data are no longer necessary for processing purposes, but they are needed to establish, pursue or defend the Customer/User’s claims,
- d) when the Customer/User has objected to the processing of their personal data – then processing is limited until it is determined whether the legally justified interests of the Personal Data Administrator override the grounds indicated in the Customer’s/User’s objection.
VII. The right to request the transfer of personal data (Article 20 of the GDPR).
The Customer/User has the right to receive his/her personal data from the Administrator in a structured, commonly used, machine-readable format and to send it to another Personal Data Administrator. The Customer/User also has the right to request that the Personal Data Administrator send the Customer/User’s personal data directly to another Administrator (if technically possible).
VIII. The customer also has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding a violation of his or her rights to the protection of personal data or other rights granted under the GDPR.
§ 6
Cookies policy, operational data and analytics
- The online store uses small files called cookies, which are saved and stored on the computer or other end device of the store’s Users and Customers, if the web browser allows it. Cookies usually contain the name of the domain from which they come, the time of their storage on the Device and the assigned value.
- Cookies are used to optimize the process of using the store’s website, to collect statistical data that allows to identify how Users use the online store’s website, which allows improving the structure of the online store. They are also necessary to maintain the Customer’s session after he leaves the online store.
- The administrator uses two types of cookies:
- a) session cookies (temporary): they are stored on the Customer’s end device and remain there until the end of the browser session. The saved information is then permanently deleted from the device’s memory. The session cookies mechanism does not allow downloading any personal data or any confidential information from the Customer’s device,
- b) persistent cookies: they are stored on the Customer’s device and remain there until they are deleted. Ending a given browser session or turning off the device does not delete them from the Customer’s device. The persistent cookie mechanism does not allow downloading any personal data or any confidential information from the Customer’s device.
- The service administrator uses external cookies for the following purposes:
- a) collecting general and anonymous static data via analytical tools: Google Analytics (the cookie administrator is Google Inc based in the United States).
- The administrator uses the Google Analitycs tracking code to analyze the website statistics of the online store; detailed information about Google Analytics can be found at https://support.google.com/analytics/answer/6004245.
- The customer can change cookie settings at any time, using the web browser he or she is using, including blocking the ability to collect cookies. Such action may make it difficult or impossible to use the online store’s services and tools, including placing an order.
- If the Customer decides that he does not agree to the use of cookies for the purposes described above, he can delete them manually at any time. Detailed instructions and information about cookies are included in the help menu of the web browser currently used by the Customer. Examples of web browsers that support the above-mentioned cookies are: Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, Microsoft Edge.
- Some external entities operating within the online store allow Users to withdraw consent to their collection and use of data for advertising purposes based on the Customer’s activity. More information about this and the possibility of making a choice can be found, for example, on the website: www.your online choices.com. The sharing of information about activity on the online store’s website with Google Analytics can be blocked using the information provided by Google Inc. browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
§ 7
Final provisions
- This privacy policy contains links to other websites, it is recommended to read the privacy policies and regulations of these websites.
- The above privacy policy applies only to the Administrator’s online store.
- It is possible to expand the offer of the online store, which makes it possible to change the content of the privacy policy, about which you will be informed with an appropriate message on the store’s website.
- If you have additional questions regarding the privacy policy of the online store, please send a message to the e-mail address provided by the Administrator: info@justforpets.eu.