Privacy policy of the internet store www.illetto.com
§ 1 GENERAL PROVISIONS
- The administrator of personal data collected through the Internet store www.illetto.com is Magdalena Szczap, conducting the business activity under the name of MAGDALENA SZCZAP, entered into the Central Registration and Information on Business (CEIDG) of the Republic of Poland maintained by the minister in charge of economy; place of conducting the business activity and correspondence address: ul. Graniczna 76K/U4, 62-800 Kalisz, Poland, NIP (Tax Identification Number) 6181945491, REGON number 385323584, e-mail address: info@illeto.com, phone number: +48 600 950 954, hereinafter referred to as the “Administrator” and at the same time being the “Service Provider”.
- Personal data collected by the Administrator through the store website are processed in accordance with the Regulation (EU) 2016/679 on the protection of natural persons with regards to the processing of personal data and the free movement of such data and Repeal of Directive 95/46/EC (general regulation on data protection), hereinafter referred to as GDPR.
- All and any words written with a capital letter in the content of this Privacy Policy shall be understood according to their definitions included in the Terms and Conditions of the Internet store www.illetto.com.
§ 2 TYPE OF PROCESSED PERSONAL DATA, AIM AND SCOPE OF PERSONAL DATA COLLECTION
1. AIM OF PERSONAL DATA PROCESSING AND LEGAL BASIS. The Administrator processes personal data of the Service Users of the www.illetto.com Store in the event of:
1.1 Account registration in the Store in order to create an individual account and to manage this Account under Art. 6 section 1 letter b) of GDPR (execution of the agreement on providing electronic service in accordance with the Terms and Conditions of the Store),
1.2 placing an Order in the Store to execute the Sales Agreements under Art.6 section 1 letter b) of GDPR (execution of the Sales Agreement),
1.3 subscribing to the Newsletter in order to send commercial information electronically. Personal data are processed after giving a separate consent under Art. 6 section 1 letter a) of GDPR,
1.4 using the Review System in order to facilitate the Client to express their opinion about the purchased Product in the Store and the Sales Agreement concluded with the Seller under Art. 6, section 1, letter f) of GDPR (legitimate interest of the entrepreneur),
1.5 using the Contact Form in order to send a message to the Administrator under Art. 6 section 1, letter f) of GDPR (legitimate interest of the entrepreneur).
2. TYPE OF PROCESSED PERSONAL DATA. Service User gives the following information for:
2.1 Account: e-mail address,
2.2 Order: name and surname, address, Tax Identification Number, e-mail address, phone number,
2.3 Newsletter: name and surname, e-mail address,
2.4 Review System: name and surname, e-mail address,
2.5 Contact Form: name and surname, e-mail address, phone number.
3. PERIOD OF PERSONAL DATA ARCHIVING. The Administrator archives personal data of the Service Users:
3.1 when the basis for personal data processing is agreement execution, as long it is essential for agreement execution, and afterwards for the period of claim limitation. Unless the specific provision states otherwise, the limitation period is six years, and for claims of periodical performances and claims related to conducting business activity – three years.
3.2 if the basis for data processing is consent, as long as the consent is not revoked, and after revoking the consent for a period of time corresponding to the period of limitation of claims that may be raised by the Administrator and which may be raised against him. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodical performances and claims related to conducting a business activity – three years.
4. When using the Store, additional information may be downloaded, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, the type of operating system.
5. After expressing a separate consent pursuant to Art. 6 section 1 letter. a) of GDPR, the data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes – respectively in connection with Art. 10 section 2 of the Act of July 18, 2002 on Providing Services by Electronic Means or Art. 172 section 1 of the Act of July 16, 2004 – Telecommunications Law, including those directed as a result of profiling, provided that the Service User has given the appropriate consent.
6. Navigation data may also be collected from the Service Recipients, including information about links and references that they decide to click or other activities undertaken in the Store. The legal basis for this type of activity is the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) consisting in facilitating the use of services provided electronically and improving the functionality of these services.
7. Providing personal data by the Customer is voluntary.
8. The administrator takes special care to protect the interests of data subjects and in particular ensures that the data collected by him are:
8.1. processed in accordance with the law,
8.2. collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes,
8.3. factually correct and adequate in relation to the purposes for which they are processed and stored in a form that allows identification of the persons they concern, no longer than it is necessary to achieve the purpose of processing.
§ 3 SHARING OF PERSONAL DATA
1. Personal data of Service Users are shared with service providers used by the Administrator in Store operation, in particular with:
1.1. Product deliverers
1.2. Payment system providers
1.3. Feedback survey system providers
1.4. Administrator accountant office
1.5. Hosting provider
1.6. Software provider for business activity
1.7. Mailing system providers
1.8. Software provider for internet store operation
2. Service providers referred to in point 1 of this paragraph, with whom the personal data are shared – depending on agreement stipulations and circumstances – are either subject to instructions of the Administrator as to the aims and manners of data processing (processing entities) or set the aims and manners of data processing on their own (administrators).
3. Personal data of the Service Users are stored only in the European Economic Area (EEA) subject to para. 5 point 5 and para. 6 of the Privacy Policy.
§ 4 THE RIGHT TO CONTROL, ACCESS TO THE PERSONAL DATA AND CORRECTION OF PERSONAL DATA
1. The person whose data is concerned has the right to access their personal data and the right to correct, delete, limit processing, the right to transfer data, the right to raise objections, the right to withdraw consent at any time without affecting the conformity with the processing right, which was made on the basis of consent before its withdrawal.
2. Legal grounds for the Customer’s demand:
2.1. access to data – Art. 15 of GDPR,
2.2. rectification of data – Art. 16 of GDPR,
2.3. deletion of data (the so-called right to be forgotten) – Art. 17 of GDPR,
2.4. limitation of processing – Art. 18 of GDPR,
2.5. data transfer – Art. 20 of GDPR,
2.6. objection – Art. 21 of GDPR,
2.7. withdrawal of consent – Art. 7 sec. 3 of GDPR.
3. In order to exercise the rights referred to in point 2, an appropriate e-mail to the following address can be sent: info@iletto.pl
4. In the event of the Service User having the right resulting from the above rights, the Administrator fulfills the request or refuses to comply with it immediately, but not later than within a month after receiving it. However, if – due to the complicated nature of the request or the number of requests – the Administrator will not be able to meet the request within a month, they will be met within the next two months informing the Service User in advance within one month of receiving the request – about the intended extension of the deadline and its reasons.
5. If the processing of personal data violates the provisions of the GDPR, the data subject has the right to file a complaint with the President of the Personal Data Protection Office.
§ 5 COOKIES
1. The Administrator’s website uses “cookies”.
2. The installation of cookies is necessary for the proper provision of services on the Store’s website. Cookies contain information necessary for the proper functioning of the website, and they also provide the opportunity to compile general statistics of website visits.
3. The website uses two types of cookies: session and permanent.
3.1. Session cookies are temporary files that are stored on the User’s end device until logging out (leaving the website),
3.2. Permanent cookies are stored in the Customer’s end device for the time specified in the cookie parameters or until they are deleted by the Customer.
4. The Administrator uses own cookies in order to better understand how the Service Users interact with the content of the website. The files collect information about the manner the Customer uses the website, the type of website from which the Customer was redirected and the number of visits and timespan of the Customer’s visit to the website. This information does not register specific personal data of the Service User, but is used for website usage statistics.
5. The Administrator also uses external cookies to collect general and anonymous static data via Google Analytics analytical tools (administrator of external cookies: Google LLC. based in the USA).
6. Cookies may also be used by advertising networks (in particular the Google network) to display advertisements tailored for how the Service Recipient uses the Store. Information about the User’s navigation path or the time of staying on a given page can be maintained for this purpose.
7. The Service User has the right to decide about the access of cookies to his computer by:
7.1. selection of types of cookies, for the collection of which they agree the moment after entering the Store’s website and the pop-up message regarding cookies,
7.2. changing the settings in browser window. Detailed information on the possibilities and manners of cookies handling are also available in the software (browser) settings.
§ 6 ADDITIONAL SERVICES RELATED TO USER ACTIVITY IN THE STORE
1. The Store uses the so-called. social plugins (“plugins”) of social networking sites. By displaying the website www.illetto.pl containing such a plug-in, the Service User’s browser will establish a direct connection with the Facebook, Instagram, Pinterest, and YouTube servers.
2. The content of the plug-in is transferred by a given service provider directly to the Customer’s browser and integrated with the website. Owing to such integration, service providers receive information that the Service User’s browser has displayed the website www.illetto.pl, even if the Service Recipient does not have a profile with a given service provider or is not currently logged in to it. Such information (along with the IP address of the Service Recipient) is sent by the browser directly to the server of a given service provider (some servers are located in the USA) and stored there.
3. If the Service User logs in to one of the above-mentioned social networking sites, the service provider will be able to directly assign a visit to the website www.illetto.pl to the Service Recipient’s profile on a given social networking site.
4. If the Customer uses a given plugin, e.g. by clicking the “Like” button or the “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there.
5. The purpose and scope of data collection and further processing and use by service providers, as well as the possibility of contact and the rights of the Service User in this regard and the possibility of making settings to protect the privacy of the Service Recipient are described in the privacy policy of the service providers:
5.1. https://www.facebook.com/policy.php
5.2. https://help.instagram.com/519522125107875?helpref=page_content
5.3. https://policy.pinterest.com/pl/privacy-policy
5.4. https://policies.google.com/privacy?hl=en&gl=ZZ.
6. If the Service Recipient does not want social networking sites to assign data collected during visits to the website www.illetto.pl directly to their profile on a given website, they must log out of this website before visiting the website www.illetto.pl. The service recipient may also completely prevent the loading of plug-ins on the website by using appropriate extensions for the browser, e.g., blocking scripts using “NoScript”.
7. The administrator uses remarketing tools on his website, i.e. Google Ads. Their use involves the use of Google LLC cookies. about Google Ads. As part of the mechanism for managing cookie settings, the Service User has the option of deciding whether the Service User will be able to use Google Ads (administrator of external cookies: Google LLC. based in the USA) in relation to them.
§ 7 FINAL PROVISIONS
1. The Administrator uses technical and organizational means enabling the protection of processed personal data which is suitable for dangers and categories of protected data, in particular the Administrator protects the data from being shared to unauthorized persons, taken in possession by unauthorized persons, processed with infringement as well as change, loss, damage, or obliteration.
2. The Administrator provides suitable technical means protecting from obtaining and modifying by unauthorized persons of personal data shared electronically.
3. Matters unregulated in this Privacy Policy are regulated by relevant GDPR stipulations and other provisions of Polish Law.