Privacy Policy of Otwierane.pl website ("Shop")

Dear User!

We care about your privacy and want you to feel comfortable while using our services. Therefore, below we present you with the most important information about the principles of our processing of your personal data and the cookies that are used by our Shop. This information has been prepared taking into account RODO, the General Data Protection Regulation.

PERSONAL DATA CONTROLLER

Katarzyna Matusik, conducting individual business activity under the firm: Hossa Katarzyna Matusik, Ul. Strumykowa, No. 35, lok. 83, 03-138 Warsaw NIP 7591684955 REGON 522432623.

If you wish to contact us in relation to our processing of your personal data, please email us at kontakt@otwierane.pl.

YOUR ENTITLEMENTS

You have the right to request:

access to your personal data, including obtaining a copy of your data (Article 15 RODO or, if applicable, Article 13(1)(f) RODO),
their rectification (Article 16 RODO),
deletion (Article 17 RODO),
restriction of processing (Article 18 RODO),
transfer of data to another controller (Article 20 RODO).

And also the law:

object to the processing of your data at any time:
- for reasons related to your particular situation - against the processing of personal data concerning you based on Article 6(1)(f) of the RODO (i.e. the legitimate interests pursued by us), including profiling (Article 21(1) of the RODO);
- where personal data is processed for the purposes of direct marketing, including profiling, to the extent that the processing is related to such direct marketing (Article 21(2) RODO).

Contact us if you wish to exercise your rights. You can object to our use of cookies (which you will read about below) in particular by using the relevant browser settings.

If you consider that your data is being processed unlawfully, you can lodge a complaint with the President of the Data Protection Authority.

PERSONAL DATA AND PRIVACY

Below you will find detailed information on the processing of your data.

Aims and legal bases for processing personal data

The data controller processes your personal data for the following purposes and scope:

to take action prior to concluding a contract at your request, i.e. the data you provided in the registration form in the Online Shop, i.e. your name and surname and the data you provided for the purpose of processing the order such as the shipping address;
in order to provide services which do not require the purchase of Goods, i.e. browsing the web pages of the Internet Shop, searching for Goods, we process personal data concerning your activity in the Internet Shop, i.e. data concerning the Goods you have viewed, data concerning the session of your device, operating system, browser, location and unique ID, IP address;
for the purpose of fulfilling the contract of sale of the Goods (e.g. delivery of the ordered Goods), we process the personal data provided by you when purchasing the Goods, such as your name, e-mail address, address data, payment data and, if you purchase via an Account, additionally the password you have established;
for the purpose of statistics on the use of the various functionalities available in the Online Shop, to facilitate the use of the Online Shop and to ensure the IT security of the Online Shop, we process personal data relating to your activity in the Online Shop and the amount of time spent on each subpage in the Online Shop, your search history, your location, your IP address, your device ID, data relating to your browser and operating system;
for the purposes of establishing, investigating and enforcing claims and defending against claims in court proceedings and other enforcement bodies, we may process your personal data provided at the time of purchase of the Goods and other data necessary to prove the existence of a claim or which arises from a legal requirement, court order or other legal procedure;
We process the personal data you provide in the contact form, complaints and requests, or in order to answer your questions in another form, as well as the data relating to the order of Goods and other Services provided by us which are the cause of the complaint, complaint or request, and the data contained in the documents accompanying the complaint, complaint or request;
for the marketing of our Goods and Services and those of our customers and partners, including remarketing, for this purpose we process data about your activity on the Online Shop including your orders, which is recorded and stored via cookies, in particular your order history, search history, clicks on the Online Shop, login and registration dates, history and your activity in relation to our communication with you. In the case of remarketing, we use your activity data to reach you with our marketing communications outside the Online Shop and we use third-party providers for this purpose. These services involve displaying our communications on websites other than the Online Shop. Please refer to the Cookie records for details;
for market research and opinion polling purposes by us or our partners, i.e. order information, your data provided during the purchase of the Goods, your e-mail address. The data collected for market research and opinion surveys is not used by us for advertising purposes. Exact instructions are given in the information about the respective survey or where you enter your data.

Categories of personal data

The controller processes the following categories of relevant personal data:

contact details, including: name, email address, telephone number, address provided for the purpose of sending orders and invoicing
data relating to activity in the Online Shop;
order data in the Online Shop;
data relating to complaints, claims and requests;
data relating to marketing services.

Voluntary provision of personal data

The provision by you of the required personal data is voluntary and is a condition for the provision of services by the Data Controller through the Online Shop.

Processing time

Personal data will be processed for the period necessary for the execution of orders, services, marketing activities and other services performed for the Customer. Personal data will be deleted in the following cases:

when the data subject requests their deletion for legitimate reasons or withdraws the consent given;
When the data subject does not take action for more than 6 years (inactive contact);
upon becoming aware that stored data is out of date or inaccurate.

Some data in the following areas: e-mail address, first and last name, may be stored for a further 2 years for the purpose of dealing with complaints, and 6 years for the purpose of evidence, complaints and claims relating to the services provided by the Online Shop - this data will not be used for marketing purposes.

Data relating to orders of Goods and paid services, will be stored for a period of 6 years from the date of delivery of the order.

We store Customer data for a period of time corresponding to the life cycle of the cookies stored on the devices or until they are deleted from the Customer's device by the Customer.

Your personal data about your preferences, behaviour and choice of marketing content may be used as the basis for automated decisions to determine the online shop's sales opportunities.

Recipients of personal data

We transfer your personal data to the following categories of recipients:

to state authorities, e.g. the public prosecutor's office, the police, PUODO, the President of UOKiK, if they request us to do so,
to service providers which we use for the operation of the Online Shop, e.g. for order processing
partners, if you have consented to your data being passed on to them and contacted for marketing purposes

We do not transfer your data outside the European Union.

Data security

When processing your personal data, we use organisational and technical measures in accordance with the relevant legislation, including the use of connection encryption with an SSL certificate. This website is protected by reCAPTCHA in accordance with Google's privacy policy i Google terms of service.

Right of access to personal data (Article 15 RODO)

You have the right to obtain information from the Data Controller as to whether your personal data is being processed.

If the Administrator processes your personal data you have the right to:

access to personal data;
be informed about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of that data, the intended period of storage of your data or the criteria for determining that period, your rights under the RODO and your right to lodge a complaint with a supervisory authority, the source of that data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of that data outside the European Union;
obtain a copy of their personal data.

If you wish to request access to your personal data, please submit your request to the Administrator's email address.

Right to rectification of personal data (Article 16 RODO)

If your personal data is inaccurate you have the right to request the Administrator to rectify your personal data immediately.

You also have the right to request the Administrator to complete your personal data.

If you wish to request the rectification of your personal data or their completion, please submit your request to the Administrator's e-mail address.

The right to erasure of personal data, the so-called "right to be forgotten" (Article 17 RODO)

You have the right to request the Data Controller to delete your personal data when:

Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
you have withdrawn specific consent, insofar as personal data was processed on the basis of your consent;
Your personal data was processed unlawfully;
you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of your personal data is related to direct marketing;
you have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of the legitimate interests pursued by the Controller or a third party;
personal data have been unlawfully processed

Despite your request for erasure, the Controller may continue to process your personal data for the purpose of establishing, investigating or defending against claims, of which you will be informed.

If you wish to request the deletion of your personal data, please submit your request to the Administrator's email address.

The right to request the restriction of the processing of personal data (Article 18 RODO)

You have the right to request the restriction of the processing of your personal data when:

you question the accuracy of your personal data - the Data Controller will restrict the processing of your personal data for a period of time to allow you to check the accuracy of the data;
when the processing of your data is unlawful and instead of erasure you request the restriction of the processing of your personal data;
Your personal data is no longer needed for the purposes of processing, but it is needed to establish, assert or defend your claims;
where you have objected to the processing of your personal data - until it is determined whether the legitimate interests on the part of the Controller override the grounds for your objection.

If you wish to request a restriction of the processing of your personal data, please submit your request to the Administrator's email address.

Right to object to the processing of personal data (Article 21 RODO)

You have the right to object at any time to the processing of your personal data, including profiling, in relation to:

processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of the legitimate interests pursued by the Controller of the personal data or by a third party;
processing for direct marketing purposes.

If you wish to object to the processing of your personal data, please submit your request to the Administrator's email address.

Right to request the transfer of personal data (Article 20 RODO)

You have the right to receive your personal data from the Controller in a structured, commonly used machine-readable format and send it to another controller.

You may also request that it is the Data Controller who directly transfers your personal data to another controller (if technically possible).

If you wish to request the transfer of your personal data, please submit your request to the Administrator's email address.

Right of withdrawal of consent

You may withdraw the consent you have given for the processing of your personal data at any time.

The withdrawal of your consent to process your personal data does not affect the lawfulness of the processing carried out on the basis of your consent before its withdrawal.

If you wish to withdraw your consent to the processing of your personal data, please submit your request to the Administrator's e-mail address.

Complaint to the supervisory authority

If you believe that the processing of your personal data is in breach of the RODO you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged breach took place.

In Poland, the supervisory authority under the RODO is the President of the Office for Personal Data Protection (PUODO).

Changes to the Privacy Policy

Information on changes to the Privacy Policy will be published on the website of Opened.co.uk.