1. GENERAL PROVISIONS
1.2. The administrator of personal data collected through the Online Store is Sofaroom sp. z o.o. with its registered office in Warsaw (02-972), Avenue of the Republic 18/68, registered in the Register of Entrepreneurs of the National Court Register under the number KRS: 0000787558, REGON: 383428729, TAX ID: 9512484916, share capital PLN 5,000.00 paid-up in full, e-mail address: email@example.com – hereinafter referred to as “Administrator” and being both the Internet Store Service Provider and the Seller.
1.3. The personal data of the Customer and the Customer are processed on the basis of Art. In this context, the commission shall inform the Commission of the In this way, the commission shall inform the Commission of the (a), point (a), (b) and (c), (b), point (a) shall be replaced by the following (c) and (b) shall be replaced by the following: (f) Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”).
1.4. The controller takes special care to protect the interests of data subjects and, in particular, ensure that the data collected by him are processed lawfully; collected for designated, legitimate purposes and not subjected to further processing incompatible with those purposes; substantively correct and adequate in relation to the purposes for which they are processed and stored in a form enabling the identification of the persons concerned for no longer than is necessary to achieve the purpose of the processing.
1.5. Any words, phrases, or acronyms that appear on this page and beginning with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood according to their definition contained in the Regulations of the Online Store available on the websites of the Online Store.
2. PURPOSE AND SCOPE OF DATA COLLECTION AND RECIPIENTS OF DATA
2.1. Each time the purpose, scope and recipients of the data processed by the Administrator is due to actions taken by the Customer or the Customer in the Online Store. For example, if the Customer chooses a personal collection instead of a courier during the order, his personal data will be processed for the purpose of concluding and executing the Sales Agreement, but will no longer be made available to the carrier carrying out shipments on behalf of the Administrator.
2.2. Possible purposes of collecting personal data of Customers or Clients by the Administrator:
2.2.1. conclusion and performance of the Sales Agreement or the contract for the provision of the Electronic Service (e.g. Account).
2.2.2. direct marketing of the Administrator’s own products or services.
2.2.3. customer’s opinion of the concluded Sales Agreement.
2.3. Possible recipients of personal data of Customers of the Online Store:
2.3.1. In the case of a Customer who uses the method of delivery by post or courier in the Online Store, the Administrator shall make the collected personal data of the Customer available to the selected carrier or intermediary carrying out shipments on behalf of the Administrator.
2.3.2. In the case of a Customer who uses the electronic payment method or payment card in the Online Store, the Administrator shall make the collected personal data of the Customer, the selected entity handling the above payments in the Online Store.
2.3.3. In the case of a Customer who has agreed to give an opinion about the concluded Sales Agreement, the Administrator shall make the collected personal data of the Customer available to the selected entity operating the system of surveys reviewing the concluded Sales Agreements in the Online Store.
2.4. The Administrator may process the following personal data of The Service Recipients or Customers using the Online Store: name; e-mail address; Contact phone number; delivery address (street, house number, business number, postcode, city, country), address of residence/business/registered office (if different from the delivery address). In the case of Customers or Non-Consumers, the Administrator may additionally process the company name and tax identification number (TAX ID) of the Customer or Customer.
2.5. The provision of personal data referred to in the above section may be necessary for the conclusion and performance of the Sales Agreement or the contract for the provision of the Electronic Service in the Online Store. Each time the scope of data required for the conclusion of the contract is indicated in advance on the website of the Online Store and in the Regulations of the Online Store.
3. COOKIES AND OPERATIONAL DATA
3.1. Cookies are small text information in the form of text files, sent by the server and stored on the part of the visitor to the Website of the Online Store (e.g. on the hard drive of a computer, laptop, or on a smartphone memory card – depending on the device used by the visitor of our Online Store). Detailed information on the as well as the history of their creation can be found m.in. here: http://pl.wikipedia.org/wiki/Ciasteczko.
3.2. The Administrator may process the data contained in cookies when used by visitors from the Website of the Online Store for the following purposes:
3.2.1. identify the Services as logged in to the Online Store and show that they are logged in;
3.2.2. memorize products added to your shopping cart for the purpose of placing an Order;
3.2.3. remember data from completed Order Forms, surveys or online store login details;
3.2.4. adapt the content of the Online Store page to the individual preferences of the Customer (e.g. regarding colors, font size, page layout) and optimize the use of the Websites of the Online Store;
3.2.5. conducting anonymous statistics on how to use the Website of the Online Store.
3.5. Detailed information on how to change the settings for cookies and delete them yourself in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the link):
in Internet Explorer
3.6. The Administrator also processes anonymized operational data related to the use of the Online Store (IP address, domain) to generate statistics to help in administering the Online Store. These data are aggregated and anonymous, i.e. do not contain characteristics that identify visitors to the Online Store page. This data is not disclosed to third parties.
4. BASIS OF DATA PROCESSING
4.1. The provision of personal data by the Customer or the Customer is voluntary, although failure to provide the personal data necessary for the conclusion and performance of the Sales Agreement or the contract for the provision of the Electronic Service, indicated on the Website of the Online Store and in the Regulations of the Online Store, results in the inability to conclude such an agreement.
4.2. The basis for the processing of personal data of the Customer or the Client is the need to perform a contract to which it is a party or take action at his request before its conclusion. In the case of data processing for the direct marketing of the Administrator’s own products or services, the basis for such processing is (1) the prior consent of the Customer or the Client or (2) the fulfillment of legitimate purposes pursued by the Administrator (in accordance with Article 23(4) of the Personal Data Protection Act, the legitimate purpose is considered, in particular, to direct marketing of the Administrator’s own products or services).
4.3. In the case of data processing for the purpose of the Customer’s opinion about the concluded Sales Agreement, the basis for such processing is the consent of the Customer or the Customer.
5. THE RIGHT TO CONTROL, ACCESS AND CORRECT THE CONTENT OF THEIR DATA
5.1. The Customer or Customer has the right to access and correct the content of his/her personal data.
5.2. Each person has the right to control the processing of data concerning him or her contained in the Data Collection of the Controller, and in particular the right to: request the completion, updating, rectification of personal data, temporary or permanent suspension of their processing or their deletion, if they are incomplete, outdated, untrue or collected in violation of the Act or are no longer necessary for the purpose for which they were collected.
5.3. In the event that the Customer or the Customer give consent to the processing of data for the direct marketing of the Administrator’s own products or services, the consent may be revoked at any time.
5.4. In the event that the Administrator intends to process or process the data of the Customer or the Client for direct marketing of the Administrator’s own products or services, the data subject is also entitled to (1) make a written, reasoned request to stop processing his data due to his specific situation or to (2) object to the processing of his data.
6. FINAL PROVISIONS
6.2. The Controller shall take technical and organisational measures to ensure the protection of the personal data processed appropriate to the risks and categories of data protected, and in particular protects the data against its availability to unauthorized persons, removal by an unauthorized person, processing in violation of applicable regulations and alteration, loss, damage or destruction.
6.3. The Administrator shall duly provide the following technical means to prevent the acquisition and modification by unauthorized persons of personal data transmitted electronically: 6.3.1. Protect the dataset from unauthorized access.
6.3.2. Access to the Account only after entering an individual login and password.
6.3.3. SSL certificate.