- General information
This document specifies the privacy principles applicable in the Online Shop http://verkline.com/ (hereinafter referred to as the “Online Shop”). The Administrator of the Online Shop is the company VERKLINE Albert Szybiński S.K.A., Obroncow Tobruku 31/86, 01-494 Warsaw( Poland ), VAT number : PL8792736352, firstname.lastname@example.org , phone: +48 509 873 854.
- Personal information
- Personal information collected by the Administrator shall be processed in accordance with the provisions of the the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC ( GDPR), current Polish Data Protection Act, the Act on Rendering Electronic Services of 18 July 2002 .
- The Administrator collects information provided voluntarily by the Online Shop Customers. However, the provision of marked personal data is a condition for placing an order, while the consequence of not ordering will be the inability to order products in the store.( the Customer’s name, surname and postal address, phone number and email address.)
- Moreover, the Administrator may record the information about connection parameters, like IP addresses, for technical purposes, for server administration and for collection of general, statistical demographic information (e.g. about the region from which the connection comes), and also for security purposes.
- The Administrator shall make an extra effort in order to protect privacy and information about the Online Shop Customers provided to him. The Administrator shall exercise due diligence when selecting and applying appropriate technical measures, including those of programming and organizational nature, in order to protect the processed data, and in particular he shall protect the data from unauthorized access, disclosure, loss and destruction, unauthorized modification, and also from their processing with the breach of the applicable provisions of law.
- Personal data will be processed in accordance with the principles of art. 5 GDPR.
Personal data will be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1) GDPR, not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- accurate and, where necessary, kept up to date (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
- As part of the Administrator’s use of the tools supporting his current activity, provided by e.g Google Customer’s Personal Data may be transferred to a country outside the European Economic Area, in particular to the United States of America (USA) or another country where an entity cooperating with it maintains tools for processing Personal Data in cooperation with the Administrator.
- Legal basis
- The basis for the processing of the Customer’s Personal Data is primarily the necessity to perform the contract to which he is a party or the need to take action at his request prior to its conclusion (Article 6 par 1 ( b) of GDPR).
- After expressing separate consent, pursuant to art. 6 par. 1 (a) GDPR data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes – respectively in connection with art. 10 para. 2 of the Act of 18 July 2002 on the provision of electronic services or art. 172 para. 1 of the Act of 16 July 2004 – Telecommunications Law.
- In other purposes, the Customer’s Personal Data may be processed on the basis of:
- applicable law when processing is necessary to fulfill the legal obligation of the Administrator e.g. when based on tax regulations or accounting one, The Administrator settles concluded sales contracts (Article 6 (1) (c) of the GDPR);
- indispensable for purposes other than those mentioned above resulting from legitimate interests pursued by the Administrator or by a third party, in particular to determine, assert or defend claims, market and statistical analyses (Article 6 (1) (f) GDPR).
- Personal data processed for purposes related to the purchase will be processed for the period necessary to complete the purchase and order, after which the data subject to archiving will be stored for the period appropriate for the limitation of claims. Personal data processed for marketing purposes covered by the consent statement will be processed until the consent is revoked.
- Recipients of personal data
Recipients of the Buyer’s personal data may by entities performing the order at the Seller’s request and handling it, such as: accounting companies, assembly services, providers of IT solutions, payment processing companies, banks, companies providing marketing services, telecommunication providers, law offices, authorised state authorities.
Transaction data, including personal data, can be transferred to:
– Tpay (Krajowy Integrator Płatności S.A. , Św. Marcin 73/6 street, 61-808 Poznań, Poland)
– PayPal ( PayPal (Europe) S.à r.l. & Cie, S.C.A., 5. Etage, 22-24 Boulevard Royal, 2449 Luxembourg ).
– Elavon Financial Services Designated Activity Company, Puławska 17 street, 02-515, Warsaw, Poland, company number: 287836
– Polskie ePlatnosci sp. z o.o. based in Tajecinie (previously ‘Paylane’ sp. z o.o.), Tajecina 113, 36-002 Jasionka, Poland, KRS: 0000227278, NIP 5862141089 i REGON 220010531
- Your rights on personal data concerning you
- As Customers provide their personal information voluntarily, they shall have the right to access their personal data and the right to rectify, delete, limit the processing, the right to data transfer, the right to object, the right to withdraw consent at any time .
- If it is found that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Office for Personal Data Protection.
- Detailed conditions of the above rights shall be indicated in Articles 1522 of the GDPR Regulation.