- The controller of personal data collected through forcell.pl online Store is PARTNER TELE.COM SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ SPÓŁKA KOMANDYTOWA entered into the Register of Entrepreneurs by the District Court for Kraków Śródmieście in Kraków, XI Commercial Division of the National Court Register under the number: 0000499669, place of business and service address: ul. Sołtysowska 22, 31-589 Kraków, NIP [taxpayer’s ID]: 6792675514, REGON [business ID]: 356286319, e-mail address: email@example.com, phone number: +48 721 808 007, hereinafter referred to as the „Controller” and also being the „Service Provider”.
- Personal data collected by the Controller through the website are processed in accordance with the Resolution of the European Parliament and Council (EU) 2016/679 dated 27 April 2016 on protection of natural persons due to personal data processing and on free flow of such data as well as repeal of the directive 95/46/CE (general resolution on data protection), hereinafter called GDPR.
TYPE OF PERSONAL DATA, PURPOSE AND SCOPE OF DATA COLLECTION
- PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data of forcell.pl Customers when they:
- register the Account in the Store in order to create an individual account and manage this Account, on the basis of the art. 6 para. 1 b) of GDPR (performance of the electronic services agreement as per the Terms and Conditions of the Store),
- place the Order in the Store in order to perform the Sale Agreement, on the basis of the art. 6 para 1 b) of GDPR (performance of the sale agreement),
- use the Review System in order to get familiar with the Customer’s opinion on the Sale Agreement concluded with the Controller, on the basis of the art. 6. para 1 f) of GDPR (legitimate interest of the entrepreneur),
- sign up for the Newsletter in order to receive commercial information by electronic means. The personal data are processed after giving a separate consent, on the basis of the art. 6 para. 1 a) of GDPR,
- use the Contact Form in order to send messages to the Controller, on the basis of the art. 6 para. 1 f) of GDPR (legitimate interest of the entrepreneur).
- TYPE OF PERSONAL DATA PROCESSED. The Customer enters the following details:
- Account: e-mail address,
- Order: first and last name, address, NIP [taxpayer’s ID], e-mail address, phone number,
- Review System: first and last name,
- Contact Form: first and last name, e-mail address.
- PERSONAL DATA ARCHIVING PERIOD. Customers’ personal data are stored by the Controller:
- when the basis for data processing is performance of the agreement - as long as this is necessary to perform the agreement; and after this time - for the period that corresponds to the claims limitation period. Unless a special provision specifies otherwise, the limitation period is six years, and with regard to periodic performance claims and claims related to running business – three years,
- when the basis for data processing is the approval – until the approval is withdrawn; and after the aforesaid withdrawal – for the time that corresponds to the limitation period of claims that may be voiced by the Controller and that may be voiced in relation to the Controller. Unless the special provision specifies otherwise, the limitation period is six years, and with regard to periodic performance claims and claims related to running business – three years.
- While using the Store, additional information may be collected, in particular: IP address assigned to the Customer’s PC or external IP address of the Internet provider, name of domain, type of browser, access time, type of the operating system.
- After giving the separate approval, on the basis of the art. 6 para. 1 a) of GDPR, data may be processed also in order to send commercial information by electronic means or make phone calls for direct marketing purposes – in relation to the art. 10 para. 2 of the Act dated 18 July 2002 on electronic services or art. 172 para. 1 of the Act dated 16 July 2004 – Telecommunications Law, including the ones arising from profiling, as long as the Customer has granted a relevant consent.
- Navigation data may also be collected from Customers, including information on links and references which they decide to click or other activities taken in the Store. The legal basis for such an activity is the Controller’s legitimate interest (art. 6 para. 1 f) of GDPR), concerned with easier use of electronic services and improved functionality of these services.
- Entering personal data by the Customer is voluntary.
- The Controller exercises due diligence in order to protect interests of persons who the data apply to, in particular assures that data collected by the Controller are:
- processed lawfully,
- collected for marked and lawful purposes, and not subject to further processing that is at variance with these purposes,
- essentially correct and adequate to purposes for which they are processed and stored in the form that allows identification of persons who they apply to, not longer than this is necessary to achieve the goal of processing.
PERSONAL DATA DISCLOSURE
- Customers’ personal data are handed to service providers which the Controller uses as part of keeping the Store, especially to the following:
- Product deliverers,
- payment system suppliers,
- the accounting firm,
- the hosting provider,
- the business software supplier,
- mailing system providers,
- the online store software supplier.
- Service providers referred to in the point 1 of this section who are provided with personal data, depending on contractual arrangements and circumstances, are either bound by the Controller’s instructions regarding purposes and methods of processing these data (processing entities) or specify purposes and methods of processing on their own (controllers).
RIGHT TO INSPECT, ACCESS AND CORRECT OWN DATA
- The person who the data apply to has a right to access his/her personal data, rectify and delete them, as well as limit processing them, a right to transfer data, right to object, right to withdraw the consent at any time and with no impact on compliance with the processing that was based on the consent before its withdrawal.
- Legal bases for the Customer’s request:
- Access to data – art. 15 of GDPR.
- Data rectification – art. 16 of GDPR.
- Data deletion (the so-called right to be forgotten) – art. 17 of GDPR.
- Processing limitation – art. 18 of GDPR.
- Data transfer – art. 20 of GDPR.
- Objection – art. 21 of GDPR
- Consent withdrawal – art. 7 para. 3 of GDPR.
- In order to exercise one’s rights referred to in the point 2, a relevant e-mail message may be sent to the following address: firstname.lastname@example.org
- Should the Customer apply with any of the aforesaid rights, the Controller shall fulfill the request or refuse to fulfill it immediately, yet not later than within a month after receiving it. If due to complexity of the request or a number of requests the Controller is unable to fulfill it within a month, it shall do so within subsequent two months and shall inform the Customer beforehand within a month after receiving the request about the rescheduling of the deadline and reasons behind it.
- If personal data processing is found to violate GDPR regulations, the person who the data apply to shall have a right to lodge a complaint to the Head of the Personal Data Protection Office.
- The Controller’s website uses „cookies” files.
- It is necessary to install „cookies” to make sure the services on the Store’s website are correctly rendered. „Cookies” include information required for proper operation of the website and allow elaborating general statistics on the website visits.
- Two types of „cookies” files are used on the website: „session” and „persistent”.
- „Session cookies” are temporary files stored on the Customer’s final device until he/she logs out (leaves the website),
- „Persistent cookies” are stored on the Customer’s final device for the time specified in „cookies” parameters or until they are deleted by the Customer.
- The Controller uses own cookies to better understand how Customers interact with the content of the website. Files store information on the way of using the website by the Customer, type of the website which the Customer has been redirected from as well as the number of visits and visit time on the website. This information does not record any specific personal data of the Customer but is used to elaborate website use statistics.
- The Controller uses external cookies to collect general and anonymous statistical data through Google Analytics tools (external cookies controller: Google LLC, registered in the USA).
- Cookies can also be used by advertising networks, especially Google, in order to display advertisements adapted to the way of using the Store by the Customer. In this respect they may keep information on the Customer’s navigation or website visit time.
- The Customer has a right to make a decision regarding the access of „cookies” files to its PC by choosing them beforehand in his/her web browser or by adapting collected cookies after entering the Store’s website. Details on possibilities and methods of handling „cookies” are available in the software (web browser) settings.
ADDITIONAL SERVICES RELATED TO USER’S ACTIVITY IN THE STORE
- The Store uses the so-called social plugins („plugins”) of social networking sites. Displaying forcell.pl website that includes such a plugin, the Customer’s browser establishes a direct connection to Facebook and Google servers.
- The content of the plugin is provided by the specific service provider directly to the Customer’s browser and integrated with the web page. Thanks to the aforementioned integration, service providers are informed that the Customer’s browser has displayed forcell.pl, even if the Customer does not hold the account at the service provider’s or is not logged in. Such information (together with the Customer’s IP address) is sent by the browser directly to the service provider’s server (some servers are located in the USA) and stored there.
- If the Customer logs into one of the aforesaid social networking sites, the service provider will be able to assign the visit on forcell.pl to the Customer’s profile in the specific social networking site.
- If the Customer uses the specific plugin by clicking the „Like” button or „Share” button, the relevant information will also be sent directly to the service provider’s server and kept there.
- If the Customer does not want social networking sites to assign data collected during a visit on forcell.pl website directly to its profile on the specific site, the user must log out of the platform before visiting www.forcell.pl. The Customer may also completely prevent plugins from loading on the website through the use of relevant browser extension, e.g. by blocking scripts via „NoScript”.
- The Controller adopts technical and organizational measures that provide protection to personal data processed with special regard to hazards and categories of protected data, and in particular secures data against disclosure to unauthorized persons, collection by the unauthorized person, processing that violates applicable rules as well as modification, loss, damage or destruction.
- The Controller provides relevant technical measures that prevent obtaining and modifying personal data sent by electronic means by unauthorized persons.
- To all matters not settled herein, the provisions of GDPR and other relevant rules of the law of Poland shall apply.