This document sets out the privacy principles of the website www.kerasys.pl
Administrator – TULEA Sp. z o.o. with its registered office in Warsaw / Poland
2. Personal data – all information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, psychological, economic, cultural or social identity, including IP device, location data, Internet identifier and information collected through cookies and other similar technology.
4. RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
5. Service – the website maintained by the Administrator at the address kerasys.pl
6. User – any natural person visiting the Service or using one or more of the services or functionalities described in the Policy.
In connection with the use of the Service by the User, the Administrator collects data to the extent necessary to provide particular services offered, as well as information about the User’s activity on the Service.
USE OF THE WEBSITE KERASYS.PL
Personal data of all persons using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies) and not being registered Users (i.e. persons without a profile in the Service) are processed by the Administrator for the purpose(s):
1. to provide services by electronic means in the scope of content collected in the Service made available to Users, to make contact forms available – then the legal basis for processing is the necessity of processing to perform the contract (Article 6.1.b RODO)
2. handling purchases made without registration on the Website – then the legal basis for processing is the necessity of processing to perform the agreement (Article 6.1.b RODO)
3. complaint handling – then the legal basis for processing is the necessity of processing in order to perform the contract (Article 6.1.b of the RODO)
4. analytical and statistical data – then the legal basis for processing is the Administrator’s justified interest (Article 6.1.f of the RODO) consisting in conducting analyses of Users’ activity, as well as their preferences in order to improve the applied functionalities and provided services
5. possible determination and enforcement of claims or defence against them – the legal basis for processing is the Administrator’s legitimate interest (Article 6.1.f of the RODO) in protecting his rights.
User’s activity on the Website, including his/her personal data, is registered in system logs. Information collected in the logs is processed in connection with the provision of services.
Persons who register in the Service are asked to provide data necessary to create and maintain an account. In order to facilitate the service, the User may provide additional data, thereby agreeing to their processing. Such data may be deleted at any time. Providing data marked as mandatory is required in order to set up and maintain an account, and failure to provide them results in the inability to set up an account. Providing other data is voluntary.
Personal data are processed:
1. in order to provide services related to maintaining and maintaining an account in the Service – the legal basis for processing is the necessity of processing to perform the contract (Article 6.1.b RODO), and in the scope of optional data – the legal basis for processing is consent (Article 6.1.a RODO)
2. for analytical and statistical purposes – the legal basis for processing is the Administrator’s justified interest (Article 6.1.f of the RODO) consisting in conducting analyses of Users’ activity on the Website and the manner of using the account, as well as their preferences in order to improve the applied functionalities
3. in order to possibly establish and pursue claims or defend against them – the legal basis for the processing is the Administrator’s legitimate interest (Article 6.1.f of the RODO) in the protection of his rights.
Placing an order for the purchase of goods by Service User is connected with the processing of his personal data. Providing data marked as mandatory is required in order to accept and handle the order, and failure to provide such data will result in the lack of its implementation. Providing other data is voluntary.
Personal data is processed:
1. in order to execute the order placed – the legal basis for processing is the necessity of processing to perform the contract (Article 6.1.b RODO); with regard to the data provided optionally, the legal basis for processing is consent (Article 6.1.a RODO)
2. in order to fulfill the statutory obligations imposed on the Administrator, resulting in particular from tax regulations and accounting regulations – the legal basis for the processing is a legal obligation (Article 6.1.c RODO)
3. for analytical and statistical purposes – the legal basis for processing is the Administrator’s justified interest (Article 6.1.f of the RODO) consisting in conducting analyses of Users’ activity on the Website, as well as their purchasing preferences, in order to improve the applied functionalities
4. in order to possibly establish and pursue claims or defend against them, the legal basis for the processing is the Administrator’s legitimate interest (Article 6.1.f of the RODO) in the protection of his rights.
The administrator provides the possibility to contact him using electronic contact forms. Using the form requires providing personal data necessary to contact the User and answer the inquiry. Giving data marked as obligatory is required in order to accept and handle the inquiry, and not giving them results in the lack of possibility of service. Providing other data is voluntary.
Personal data are processed:
1. in order to identify the sender and handle his inquiry sent by the provided form – the legal basis for processing is the necessity of processing to perform the contract for the provision of services (Article 6.1.b RODO)
2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Article 6.1.f of the RODO) consisting in maintaining statistics of enquiries submitted by Users via the Service in order to improve its functionality.
The Administrator processes Users’ personal data in order to carry out marketing activities that may rely on:
1. displaying to the User marketing content which is not adjusted to the User’s preferences, so called contextual advertising. The Administrator processes Users’ personal data for marketing purposes in connection with directing contextual advertising to Users. The processing of personal data takes place in connection with the implementation of the Administrator’s legitimate interest (Article 6.1.f of the RODO).
3. directing e-mail notifications about interesting offers or content, which in some cases may contain commercial information
4. conducting other activities related to direct marketing of goods and services, i.e. sending commercial information by electronic means and telemarketing activities.
If the User has agreed to receive marketing information via e-mail, SMS and other means of electronic communication, the User’s personal data will be processed for the purpose of sending such information. The basis for data processing is TULEA’s legitimate interest in sending marketing information within the limits of the consent granted by the User. The User has the right to object to the processing of data for the purposes of direct marketing, including profiling. The data will be stored for this purpose for as long as there is a legitimate interest of TULEA, unless the User objects to receiving marketing information.
Administrator processes personal data of Users visiting Administrator’s profiles in social media (Facebook, YouTube, Instagram, Google +). This data is processed exclusively in connection with profile management, including the purpose of informing Users about Administrator’s activity and promoting various types of events and products, as well as to communicate with users through the functionalities available in social media. The legal basis for processing personal data by the Administrator for this purpose is its legitimate interest (Article 6.1.f RODO) in promoting its own brand and building and maintaining a brand community.
The Administrator processes Users’ personal data also in order to enable the use of services offered within the Service, as well as additional services via mobile applications. User data are processed in order to register and use mobile applications. The legal basis for data processing in this respect is the necessity to perform the contract (Article 6.1.b RODO).
By means of mobile applications the User may in particular: browse the assortment of the Service, gain access to his/her account in the Service, place orders and make payments for them, get acquainted with information available in the mobile application and use other functionalities available in the mobile application.
Cookies are small text files installed on the device of a User browsing the Website. Cookies collect information facilitating the use of the website – e.g. by remembering the User’s visits to the Website and the activities performed by him/her. The Administrator uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. In this connection
1. cookie files with data entered by the User (session ID) for the duration of the session (user input cookies);
2. authenticating cookies used for services requiring authentication for the duration of the session (authentication cookies);
3. cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies);
4. session cookies of multimedia players (e.g. flash player cookies), for the duration of the session (i.e. multimedia player session cookies);
5. permanent cookies used to personalize the User interface for the duration of the session or slightly longer (user interface customization cookies),
6. cookies used to remember the contents of the shopping cart for the duration of the session (shopping cart cookies);
7. cookies used to monitor traffic on the website, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the User uses the Website, to create statistics and reports on the functioning of the Website). Google will not use the collected data to identify you or to link this information to enable your identification. Detailed information on the scope and principles of data collection in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners
THE PERIOD OF PROCESSING OF PERSONAL DATA
The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data shall be processed during the provision of a service or execution of an order, until the withdrawal of the consent given or an effective objection to the data processing is made in cases where the legal basis for data processing is the legitimate interest of the Administrator. The period of data processing may be extended if the processing is necessary to establish and assert possible claims or defend against them, and after that time only if and to the extent required by law. After the expiry of the processing period, the data shall be irretrievably deleted.
Data subjects have the following rights:
The right to information on personal data processing – on this basis, the Administrator shall provide the person making such a request with information on personal data processing, including in particular the purposes and legal grounds for processing, the scope of data held, entities to which personal data are disclosed and the planned date of their deletion;
The right to obtain a copy of the data – on this basis the Administrator transfers a copy of the processed data concerning the person making the request;
The right to rectify – on this basis the Administrator removes any possible inconsistencies or errors concerning the personal data being processed, and supplements or updates them if they are incomplete or have changed;
The right to delete data – on this basis it is possible to demand the deletion of data whose processing is no longer necessary for the realization of any of the purposes for which they were collected;
5. The right to limit the processing – on this basis, the Administrator ceases to perform operations on personal data, with the exception of the operations to which the data subject has consented and their storage, in accordance with the accepted principles of retention, or until the reasons for limiting the processing of data cease to exist (e.g. a decision of the supervisory authority will be issued allowing further processing of data);
6. Right to transfer data – on this basis, to the extent that the data are processed in connection with the concluded agreement or consent, the Administrator shall issue the data provided by the data subject in a format that allows their reading by a computer. It is also possible to request that such data be sent to another entity – however, provided that there are technical possibilities in this respect, both on the part of the Administrator and that other entity;
7. The right to object to the processing of data for marketing purposes – the data subject may object to the processing of personal data for marketing purposes at any time, without the need to justify such objection;
8. Right to object to other purposes of data processing – the data subject may object to the processing of personal data at any time on the basis of the Administrator’s legitimate interest (e.g. for analytical or statistical purposes or for reasons related to the protection of property). Objections in this respect should contain a justification and are subject to the Administrator’s assessment;
9. Right to withdraw consent – if data are processed on the basis of consent, the data subject has the right to withdraw it at any time, but this does not affect the lawfulness of the processing carried out before the withdrawal of consent;
10. Right to complain – in case of recognition that the processing of personal data violates the regulations of the PDPA or other regulations concerning personal data protection, the data subject may lodge a complaint with the President of the Office for Personal Data Protection.
A request for the exercise of data subjects’ rights can be made:
in writing to the following address:
TULEA Sp. z o.o., VIII Poprzeczna 3, 04-616 Warsaw, Poland
by e-mail to: firstname.lastname@example.org
The application should, as far as possible, indicate precisely what the request concerns:
1. what right does the applicant wish to exercise (e.g. the right to receive a copy of data, the right to delete data, etc.);
2. which processing process the request concerns (e.g. use of a specific service, activity on a specific website, receiving newsletters containing commercial information to a specific e-mail address, etc.);
3. which processing purposes the request concerns (e.g. marketing purposes, analytical purposes, etc.).
A response to a request will be given within one month of its receipt. If it is necessary to extend this deadline, the Administrator will inform the applicant about the reasons for such an extension. The answer will be given to the e-mail address from which the application was sent, or in the case of applications submitted by post, by ordinary mail to the address indicated by the applicant.
SECURITY OF PERSONAL DATA
The controller shall on an ongoing basis conduct a risk analysis in order to ensure that personal data are processed by it in a secure manner and ensuring that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks.
Contact with the Administrator is possible via e-mail: email@example.com or the mailing address of TULEA Sp. z o.o., VIII Poprzeczna 3, 04-616 Warsaw, Poland. The Administrator has appointed a Data Protection Inspector, who can be contacted by e-mail: firstname.lastname@example.org in any case concerning the processing of personal data.