Privacy policy

Privacy policy

1. This Privacy Policy sets out the rules for the processing of personal data obtained through the online store https://tdmtarasy.pl/sklep/ (hereinafter referred to as "online store").

2. The owner of the store and at the same time the data administrator is Krzysztof Maciejewski conducting business activity under TDM Tarasy Wooden Dorota Maciejewska, Krzysztof Maciejewski Cywilna Spółka with headquarters in Pszczew (66-330), ul. Żwirowa 11, entered in the Central Register and Information on Economic Activity kept by the Minister of Development, Work and Technology, NIP: 5961750259 REGON: 080395453, hereinafter referred to as TDM.

3. Personal data collected by TDM via the Online Store is processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with individuals in connection with the processing of personal data and in the case of free flow of such data and repealing Directive 95/46/EC (general data protection regulation), also called GDPR.

4. TDM makes special care to respect the privacy of customers visiting the online store.

§ 1 The type of data processed, goals and legal basis

1. TDM collects information on natural persons performing legal acts not directly related to their activities, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units not legal persons, to whom the Act grants legal capacity, hereinafter referred to as clients.

2. Customer's personal data is collected in the case of:

a) Account registration in the online store to create an individual account and manage this account. Legal basis: a necessity to perform the contract for the provision of an account service (Article 6 (1) (B) of the GDPR);

b) placing an order in the online store, to perform the sales contract. Legal basis: the necessity to perform the sales contract (Article 6 (1) (b) of the GDPR);

c) Subscription of the Information Bulletin (Newsletter), in order to perform the contract, the subject of which is the service provided electronically. Legal basis - consent of the data subject to the performance of the contract for the provision of the Newsletter service (Article 6 (1) lit. and GDPR);

d) using the contact form service in the online store to perform an electronic contract. Legal basis: a necessity to perform the contract for the provision of a contact form service (Article 6 (1) (b) of the GDPR);

e) using the notification service about the availability of the goods in order to perform the contract provided electronically. Legal basis - a necessity to perform the contract for the provision of notifications on the availability of goods (Article 6 (1) (b) of the GDPR).

f) Using the service Ask for the product in order to perform the contract, the subject of which is the service provided electronically. Legal basis: a necessity to perform the service contract. Ask for the product (Article 6 (1) (b) of the GDPR).

3. In the case of registering an account in the online store, the customer states:

a) e-mail address;

b) name and surname.

4. In the case of entrepreneurs, the above data range is additionally expanded by:

a) entrepreneur company;

b) NIP number.

5. When registering an account in the online store, the customer independently sets the individual password to access his account. The customer may change the password at a later time, on the principles described in §6.

6. In the case of placing an order in the online store, the Customer provides the following data:

a) e-mail address;

b) address details:

a. postal code and town;

b. country (state);

c. Street with a house/apartment number.

c) name and surname;

d) phone number.

7. In the case of entrepreneurs, the above data range is additionally expanded by:

a) entrepreneur company;

b) NIP number.

8. If the Newsletter service is used, the customer only provides his e-mail address.

9. In the event of using the contact form service, the Customer provides the following data:

a) e-mail address;

b) name and surname;

c) phone number (optional).

10. If you use the service, notify the availability, the customer only provides his e-mail address.

11. If you use the service, ask about the product, the customer states:

a) e-mail address;

b) name and surname.

12. When using the Store's website, additional information may be downloaded, in particular: IP address assigned to the customer's computer or the external IP address of the Internet Supplier, domain name, type of browser, access time, operating system type.

13. Navigation data may also be collected from customers, including information about links and links in which they decide to click or other activities undertaken in the online store. Legal basis - a legitimate interest (Article 6 (1) (1) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.

14. In order to determine, investigate and enforce claims, some personal data provided by the Customer may be processed as part of using the functionality in an online store such as: name, surname, data on the use of services, if the claims result from the manner in which the customer uses services, other data necessary to prove the existence of a claim, including the extent of damage suffered. Legal basis - a legitimate interest (Article 6 (1) lit. f GDPR), consisting in determining, pursuing and enforcement of claims and defending against claims in proceedings before courts and other state bodies.

15. The transfer of personal data to TDM is voluntary, in connection with concluded sales contracts or the provision of services via the Store's website, with this provision, however, that failure to do the data specified in the form in the registration process prevents the registration and setting up a customer account, and in the case of placing an order without registering a customer account, it will prevent the submission and implementation of the customer's order.

§ 2 Who is made available or entrusted with data and how long is it stored?

1 Service providers who are transferred to personal data, depending on contractual arrangements and circumstances, or are subject to TDM commands as to the purposes and methods of processing this data (processing entities) or independently define the goals and methods of their processing (administrators).

a) processing entities. TDM uses suppliers who process personal data only at the TDM order. These include suppliers providing hosting service, accounting services providing marketing systems, systems for traffic analysis in the online store, systems for analyzing the effectiveness of marketing campaigns;

b) Administrators. TDM uses suppliers who do not work solely on the command and set the goals and ways of using customer personal data themselves. They provide electronic and bank payment services.

2. Location. Service providers have headquarters in Poland and other countries of the European Economic Area (EEA).

3. Customer's personal data are stored:

a) In the event that the basis for the processing of personal data is consent, then the client's personal data is processed by TDM until the consent is canceled, and after canceling the consent for a period of time corresponding to the limitation period for claims that TDM may raise and what may be raised against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to conducting business activity - three years.

b) In the event that the basis for data processing is the performance of the contract, then the client's personal data is processed by TDM as long as it is necessary to perform the contract, and after that time for the period corresponding to the limitation period for claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to conducting business activity - three years.

4. In the event of a purchase in the online store, personal data may be transferred to a forwarding company in order to deliver ordered goods.

5. Navigation data can be used to provide customers with better service, statistical data analysis and adaptation of the online store to customer preferences, as well as administering the online store.

6. In the event that the Customer selects the payment via the Przelewy24.pl system, his personal data is transferred to the extent necessary to make payments to PayPro SA with its registered office in Poznań (ul. Kanclerska 15, 60-327 Poznań), entered in the register of entrepreneurs kept by the District Court Poznań- Nowe Miasto and Wilda in Poznań, department VIII of the National Court Register under the number of KRS 0000347935.

7. In the event that the customer subscribes to the Information Bulletin (Newsletter) to his e-mail address TDM will send electronic messages containing commercial information about promotions and new products available in the online store.

8. In the event of a request to a request, TDM provides personal data with authorized state authorities, in particular organizational units of the prosecutor's office, police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

§ 3 Cookies mechanism, IP address

1. The online store uses small files called cookies. They are saved by TDM on the end device of the person visiting the online store, if the web browser allows it. The cookie usually contains the domain name from which it comes, its "expiry time" and the individual, randomly selected number identifying this file. Information collected using this type of files help to adapt the products offered by TDM to individual preferences and real needs of people visiting the online store. They also give the opportunity to develop general statistics of visits to the presented products in the online store.

2. TDM uses two types of cookies:

a) Session cookies: After the browser session is completed or the computer is turned off, the written information is removed from the device's memory. The session cookies mechanism does not allow you to download any personal data or any confidential information from customer computers.

b) Durable cookies: are stored in the client's end device memory and remain there until they are deleted or expired. The permanent cookie mechanism does not allow you to download any personal data or any confidential information from the customer's computer.

3. TDM uses its own cookies to:

a) customer authentication in the online store and providing a customer session in the online store (after logging in), thanks to which the customer does not have to re -enter the login and password on each subpage of the online store;

b) Analysis and research as well as audience audit, in particular to create anonymous statistics that help you understand how customers use the store's website, which allows you to improve its structure and content.

4. TDM uses external cookies to:

a) collecting general and anonymous static data through Google Analytics analytical tools (external cookies administrator: Google Inc with headquarters in the USA);

b) presenting ads adapted to the client's preferences using the Google AdSense online advertising tool (external cookie administrator: Google Inc on headquarters in the USA);

5. The cookie mechanism is safe for online store customers. In particular, this path is not possible to get into virus clients or other unwanted software or malware. However, in their browsers, customers have the ability to limit or disable the access of cookies to computers. If this option is used, the use of an online store will be possible, in addition to functions that require cookies by their nature.

6. Below are how you can change the settings of popular web browsers in the use of cookies:

a) Internet Explorer browser;

b) Microsoft Edge browser;

c) Mozilla Firefox browser;

d) Chrome and Chrome Mobile browser;

e) Safari and Safari Mobile browser;

f) Opera browser.

7. TDM may collect customer IP addresses. The IP address is a number assigned to a computer visiting the online store by an online service provider. The IP number enables Internet access. In most cases, it is attributed to the computer dynamically, i.e. it changes with each internet connection. The IP address is used by TDM when diagnosing technical problems with the server, creating statistical analyzes (e.g. determining from which regions we record the most visits), as information useful when administering and improving the online store, as well as for security purposes and possible identification of the server, unwanted automatic programs for browsing the content of the online store.

8. The online store contains links and links to other websites. TDM is not responsible for the rules for the protection of privacy in force on them.

§ 4 of the rights of data subjects

1. Right to withdraw consent - legal basis: art. 7 para. 3 GDPR.

a) The client has the right to withdraw any consent that TDM has given.

b) withdrawal of consent has an effect from the moment the consent is withdrawn.

c) withdrawal of consent does not affect the processing of TDM in accordance with the law before its withdrawal.

d) withdrawal of consent does not entail any negative consequences for the client, but it may prevent further use of services or functionalities, which, according to TDM law, may only provide with consent.

2. Right to opposition to data processing - legal basis: art. 21 GDPR.

a) The customer has the right to object at any time - for reasons related to his special situation - in the face of the processing of his personal data, including profiling, if TDM processes his data based on a legitimate interest, e.g. marketing of TDM products and services, conducting statistics of using individual functionalities of the online store and facilitating the use of the Online Store, as well as a test of satisfaction.

b) resignation in the form of an email from receiving marketing messages regarding products or services, will mean the client's opposition to the processing of his personal data, including profiling for these purposes.

c) If the client's objection turns out to be justified and TDM has no other legal basis for the processing of personal data, the customer's personal data will be deleted, in the face of which the client has objected.

3. The right to delete data ("right to be forgotten") - legal basis: art. 17 GDPR.

a) The customer has the right to request deletion of all or some personal data.

b) the customer has the right to request the deletion of personal data if:

a. Personal data is no longer necessary for the purposes for which they were collected or in which they were processed;

b. withdrew his specific consent to the extent that personal data was processed on the basis of his consent;

c. objected to the use of his data for marketing purposes;

d. Personal data is processed unlawfully;

e. Personal data must be deleted to comply with the legal obligation provided for in the Union's law or the law of the Member State to which TDM is subject to;

f. Personal data was collected in connection with the offer of information society.

c) Despite the request to delete personal data, in connection with the imposition of an objection or withdrawing consent, TDM may maintain some personal data to the extent that the processing is necessary to determine, claim or defend claims, as well as to comply with the legal obligation requiring processing under Union law or the right of a Member State to which TDM is subject to. This applies in particular to personal data including: name, surname, e-mail address, which data is preserved for the purposes of examining complaints and claims related to the use of TDM services, or an additional address/correspondence address, order number, which data is preserved for the purposes of examining complaints and claims related to the concluded sales contracts or the provision of services.

4. The right to limit data processing - legal basis: art. 18 GDPR.

a) The customer has the right to demand limiting the processing of his personal data. Submission of the request, until its consideration, prevents the use of specific functionalities or services, which will be used with the processing of the data covered by the request. TDM will also not send any messages, including marketing.

b) The customer has the right to demand limiting the use of personal data in the following cases:

a. When it questions the correctness of its personal data - TDM limits their use for the time needed to check the correctness of the data, but not longer than for 7 days;

b. when data processing is unlawful, and instead of deleting data deleting the data, the customer will demand that their use be limited;

c. When personal data ceased to be necessary for the purposes for which they were collected or used but they are needed by the customer to determine, investigate or defend claims;

d. When he objected to the use of his data - then the limitation occurs for the time needed to consider whether - due to the special situation - the protection of interests, rights and freedoms of the client prevails over the interests that the administrator pursues, processing the client's personal data.

5. Law of access to data - legal basis: art. 15 GDPR.

a) The customer has the right to obtain from the Administrator confirmation whether he processes personal data, and if this is the case, the customer has the right:

a. access your personal data;

b. obtain information on the purposes of processing, categories of processed personal data, about recipients or categories of recipients of this data, planned storage period of customer data or about the criteria for determining this period (when determining the planned period of data processing is not possible), about the rights of the Customer under the GDPR and about the right to lodge a complaint to the supervisory authority, about the source decisions, including profiling and on security used in connection with the transfer of this data outside the European Union;

c. to obtain a copy of your personal data.

6. Right to rectify data - legal basis: art. 16 GDPR.

a) The client has the right to request from the administrator to immediately rectify his personal data, which are incorrect. Taking into account the purposes of processing, the data to whom the data relates has the right to request to supplement incomplete personal data, including by presenting an additional statement, directing the request to the e -mail address in accordance with §7 of the Privacy Policy.

7. The right to transfer data - legal basis: art. 20 GDPR.

a) The customer has the right to receive his personal data, which he provided to the Administrator, and then send it to another, chosen person of personal data. The customer also has the right to demand that personal data be sent by the Administrator directly to such an administrator, if it is technically possible. In this case, the Administrator will send the customer's personal data in the form of a CSV file, which is a commonly used format, suitable for machine reading and allowing the data received to another personal data administrator.

8. In the event of the Customer with the right resulting from the above rights, TDM meets the request or refuses to fulfill it immediately, but no later than within a month after receiving it. However, if - due to the complicated nature of the request or the number of demands - TDM will not be able to meet the request within a month, it will meet them within the next two months by informing the customer before a month of receiving the request - about the intended extension of the deadline and its causes.

9. The Customer may submit a complaint to the Administrator, inquiries and applications regarding the processing of his personal data and the exercise of his rights.

10. The customer has the right to demand from TDM to transfer copies of standard contractual clauses by directing the question in the manner indicated in §7 of the Privacy Policy.

11. The Customer has the right to lodge a complaint to the President of the Office for Personal Data Protection, regarding the violation of his rights to the protection of personal data or other rights granted under the GDPR.

§ 5 Services tailored to preferences and interests (profiling)

1. Profiling means any form of automated processing of personal data, which involves the use of personal data to assess certain personal factors of a natural person, in particular to analyze or forecast aspects regarding the effects of the work of this natural person, his economic situation, health, personal preferences, interests, credibility, behavior, location or movement.

2. Customer's personal data may be processed in an automated (profiling) manner, however, this will not have any legal effects on them or in a similar way significantly affect the situation of customers.

3. Profiling of personal data by TDM consists in processing customer data in an automated and manual manner by using them to assess some customer information, in particular for the analysis or forecast of its personal preferences and interests.

4. In order to reach the customer with marketing messages outside the online store website, TDM uses the services of external suppliers. These services consist in displaying marketing messages on pages other than the online store website. For this purpose, external suppliers install, for example, appropriate code or pixel to download information about customer activity on the online store website. Details in the field of used cookies can be found in §3. Legal basis - a legitimate interest (Article 6 (1) lit. f GDPR), consisting in matching marketing messages to preferences and interests.

5. In order to reach the customer with marketing messages via the Online Store website, TDM uses the services of external suppliers. These services consist in displaying marketing messages on the online store's pages. For this purpose, external suppliers install, for example, appropriate code or pixel to download information about customer activity on the online store website. Details in the field of used cookies can be found in §3. Legal basis - a legitimate interest (Article 6 (1) lit. f GDPR), consisting in matching marketing messages to preferences and interests.

§ 6 Security management - password

1. TDM provides customers with a secure and encrypted connection when sending personal data and when logging in to the customer's account on the website. TDM uses an SSL certificate issued by one of the leading global companies in the security and encryption of transmitted data via the Internet.

2. In the event that a customer with an online store has lost its access password in any way, the online store allows the generation of a new password. TDM does not send a password reminder. The password is stored in an encrypted form in a way that prevents it from reading. In order to generate a new password, enter the e-mail address in the form available under the link "Do not remember the password?", Located at the account login form in the online store. The Customer to the e -mail address provided during registration or saved in the last change of the account profile will receive an electronic message containing the redirect to a dedicated form provided on the store's website, where the customer will have the option of setting a new password.

3. TDM never sends any correspondence, including electronic correspondence with a request to provide login data, and in particular the access password to the customer's account.

§ 7 changes in the privacy policy

1. The Privacy Policy may change, which TDM will inform customers in advance 7 days.

2

3. Date of the last modification: 24.02.2022.