Policy of privacy and use of cookies on the website

kubekurody.pl

§ 1 General provisions

1. the Policy on privacy and use of cookies on the https://www.kubekurody.pl website (hereinafter referred to as the "Policy") has been created and adopted by the Owner.

2. The terms used in the Policy shall mean:

1) Service: the https://www.kubekurody.pl website;

2) User: the entity using the Service;

3) Owner: Kubek Urody Dominik Hoffmann, ul. Znanieckiego 12E/1, 60-682 Poznań, NIP: 9720967924.

4) Cookies: text files, sent by the Service and stored on the User's terminal device, which the User uses while using the Service.

3. The purpose of the Policy is, in particular:

1) to provide Users with information regarding the use of Cookies on the Service, as required by law;

2) to provide Users with privacy protection to the extent corresponding to the standards and requirements of the applicable legislation.

4. The Owner shall limit the collection and use of information on Users to the minimum necessary.

5. In order to gain full access through the Service to the content and services offered by the Owner, it is advisable to accept the Policy. Acceptance can be done through the settings of the software installed in the device used by the User or the configuration of the Service.

6. The following laws, among others, shall apply: 

1) the Law on Electronic Communications of July 12, 2024 (Journal of Laws 2024.1221); 

2) the Act of July 18, 2002 on the provision of electronic services (Journal of Laws 2024.1513, as amended); 

3) Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016) (hereinafter: the “Regulation”); 

4) Act of May 10, 2018 on the protection of personal data (Journal of Laws 2019.1781, as amended). 

§ 2 Privacy and personal data protection

1. Data on Users shall be processed by the Owner in accordance with the provisions of the law. The personal data of Users obtained by the Owner is processed on the basis of the consent given by the User or the occurrence of another premise authorizing the processing of data according to the legislation.

2. The Owner shall take special care to protect the interests of data subjects, and in particular shall ensure that the data are:

1) processed in accordance with the law, fairly and transparently for Clients and other data subjects;

2) collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;

3) adequate, relevant and limited to what is necessary for the purposes for which they are processed;

4) correct and updated as necessary;

5) kept in a form that allows identification of the data subject for no longer than necessary for the purposes for which the data are processed;

6) processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organizational measures,

3. The Owner shall apply appropriate technical and organizational measures to ensure the security of personal data processing and the protection of processed personal data appropriate to the nature, scope, context and purposes of processing and the risk of violation of the rights or freedoms of individuals.

4. The Owner shall strive to systematically upgrade the IT, technical and organizational measures used to protect such data, in particular, the Owner shall ensure that the IT security measures are updated to protect against unauthorized access, loss, alteration or destruction and other threats emanating from the operation of the IT system and telecommunications networks.

5. Any User who has made his or her data available to the Owner in any way shall be provided by the Owner with access to the data and the exercise of other rights of data subjects in accordance with the applicable laws in this regard, including the following rights of data subjects:

1) the right to withdraw consent on the processing of personal data;

2) the right to information regarding their personal data;

3) the right to control the processing of data, including supplementation, updating, rectification, deletion;

4) The right to object to processing or to restrict processing;

5) the right to complain to the supervisory authority and use other legal remedies to protect their rights.

6. The Owner may process personal data in an automated manner, including through profiling, under the terms of the Regulation. In this case, the purpose of the Owner's actions is for marketing purposes or the need to personalize messages sent to Users (including tailoring information to the User's needs or expectations). The User has the right to object to such processing of his/her data - this objection can be expressed by sending a message to the Owner's address: Kubek Urody Dominik Hoffmann, ul. Znanieckiego 12E/1, 60-682 Poznań, NIP: 9720967924. phone no. 732448881, email address: sklep@kubekurody.pl.

7. A person with access to personal data shall process such data only on the basis of the Owner's authorization or a contract of entrustment of personal data processing and only on the Owner's instructions.

8. In connection with the operation of the Website, the Owner uses the services of other entities, including for the purpose of performing the service for the User. Users' personal data may be transferred to:

1) the hosting company,

2) a software provider to operate the Service,

3) Internet service provider,

4) provider of marketing or advertising services.

§ 3 Cookies

1. The Owner uses Cookies primarily to ensure the proper functioning of the Service and its basic functions.

2. The Owner may also use its own or partners' Cookies for analytical, functional or marketing purposes, but only if the User agrees.

3. The Service may use the following types of Cookies:

1) essential Cookies, the purpose of which is to provide the User with access to the Website and its correct operation Without them, the Owner would not be able to provide the User with services on the Website, for which reason their use does not require the User's consent;

2) Analytical Cookies, the purpose of which is to collect information and create statistics for improving the Website (including checking the number of visits or traffic to the Website and its sources). These are optional Cookies, so the Owner may use them only if the User agrees;

3) Functional Cookies, the purpose of which is to remember the User's preferences regarding the Service (including the appearance of the Service, language, font or other customizable elements) and to provide personalized content. These are optional Cookies, so the Owner may use them only if the User agrees;

4) marketing Cookies, the purpose of which is to collect information about the User's preferences or interests and tailor advertising or marketing content to those preferences. These are optional Cookies, so the Owner may use them only if the User consents.

4. The User may decide on his/her preferences regarding Cookies by managing Cookies. The Service uses a consent management platform where the User can at any time express or withdraw consent to the use of optional Cookies, change statements, obtain information regarding Cookies.

5. Regarding the storage time of Cookies on Users' devices, the Service uses:

1) session Cookies, which are not stored on the Users' devices after the end of the session (e.g. after logging out or closing the Website or the browser) or for another period indicated in the cookie consent management tool;

2) permanent Cookies, which are stored on Users' devices also after the end of the session and for the time specified in their parameters or until they are deleted by the User. The time specified in the parameters of the Cookies can be checked on the consent management platform for each Cookie separately.

6. As part of the use of the Website, Cookies from the Owner's partners such as Google, Facebook, Tiktok, Consent Manager or others may be placed on the Users' devices, the list of which may change over time, the information is available through the functionality for managing cookie settings.

7. In some cases, the software installed by the User on the terminal device used for web browsing (e.g. Internet browser) introduces default storage of Cookies on the User's terminal device. Users may change their settings regarding Cookies at any time. Detailed information in this regard is available in the settings and instructions for the software (web browser). Failure to change the settings means that the data will be placed on the User's terminal device (use of the Website will cause automatic placement of Cookies on the User's terminal device). Changing the settings of your browser may make some services not work properly, or even completely prevent you from using the Website.

8. Stored data placed on the User's terminal device does not cause configuration changes in the User's terminal device or software installed on that device.

9. Information on Cookies may also apply to other similar technologies used within the Service.

10. The User may also manage Cookies at the level of the Internet browser in a way that the functionality of the browser allows.

§ 4 Complaints

1. Complaints can be addressed to the Owner in electronic form at sklep@kubekurody.pl.

2. It is possible to use out-of-court ways of processing complaints and claims in legal relations with Consumers, including:

1) the possibility of resolving disputes electronically using the ODR (online dispute resolution) platform, available at https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home2.show&lng=PL;

2) the possibility of amicable proceedings before a common court or other authorities.

3. The owner undertakes to consider the complaint within 14 days.

4. If the complaint is accepted, the Owner will take appropriate action.

5. In order to process complaints, the Owner shall process personal data of Users submitting complaints, in particular e-mail address, name, surname, content of the complaint, circumstances of the event causing the complaint, information obtained in the course of processing the complaint, including explanation of the event causing the complaint. In the course of complaint processing, the Owner may process a variety of other information, including information about the User's use of the Services, Cookies or other similar technologies, device information. This data is processed in accordance with Article 6(1)(b) of the Ordinance in order to investigate the complaint and is processed for the time necessary to investigate the complaint and after the complaint procedure is completed for archiving purposes in accordance with the Accounting Act in case of the need to defend against possible claims against the Owner.

6. If an investigation is undertaken regarding a possible violation of the provisions of the Policy or the law, rules of social coexistence or morality, the Owner may process the User's personal data until the conclusion of the pending investigation and the expiration of the limitation period for claims, which is usually 3 years, but may be longer in special cases provided by law. The data will then be processed, including being made available in accordance with Article 6(1)(f) of the Regulation, i.e. for the legitimate interest of the administrator in pursuing its claims against the User. The legitimate interest will then be a purpose that overrides the User's rights and freedoms.

§ 5 Final provisions

1. The Policy has been adopted by order of the Owner and comes into force on 01.03.2024.

2. Any deviation from the Policy shall be in writing under pain of invalidity.

3. The law applicable to the Policy shall be the law of the Republic of Poland.

4. In matters not regulated by the Policy, the relevant provisions of law shall apply.

5. This document is protected by copyright and made available on lienation rights. Any use of the document without the permission of the author, distribution by publication is prohibited.

INFORMATION FROM THE PERSONAL DATA CONTROLLER - RODO

Who is the administrator of your personal data?

The administrator of your personal data is DOMINIK HOFFMANN conducting business activity under the name of Kubek Urody Dominik Hoffmann, ul. Floriana Znanieckiego 12E/1, 60-682 Poznań, run by the minister responsible for economy NIP 9720967924, REGON 300718188, registered in the Central Register and Information on Business Activity, email - biuro@kubekurody.pl, tel. +48732448881.

Who is the contact person at the administrator?

In matters related to the processing of your personal data, you can contact Dominik Hoffmann, e-mail: biuro@kubekurody.pl

What is the purpose of personal data processing and the legal basis for this processing? 

a. Purpose of processing - performance of the sales contract concluded with you

Legal basis for processing - Article 6(1)(b) of the Regulation and Article 535 of the Civil Code.

b. Purpose of processing - contacting you to provide information or respond to your inquiry

Legal basis for processing - Article 6(1)(b) of the Ordinance or Article 6(1)(f) of the Ordinance as a legitimate interest of the controller to provide adequate customer service 

c. Purposes of processing - receiving, processing and fulfilling your complaints 

Legal basis for processing - Article 6(1)(b) of the Ordinance or Article 6(1)(f) of the Ordinance as a legitimate interest of the controller, which is to provide adequate customer service and enable customers to realize their rights

d. Purposes of processing- receiving, processing and fulfilling the return of goods

Legal basis for processing - Article 6(1)(b) of the Ordinance or Article 6(1)(f) of the Ordinance as the legitimate interest of the controller, which is to provide adequate customer service and to enable customers to realize their rights

e. Purposes of processing - assertion of claims against or by customers

Legal basis for processing - Article 6(1)(b) of the Ordinance or Article 6(1)(f) of the Ordinance as a legitimate interest of the controller, which is to pursue claims against customers and defend against claims by customers

f. Processing purposes - execution of the mailing of newsletters, ordered by you

Legal basis for processing - Article 6(1)(b) of the Ordinance or Article 6(1)(f) of the Ordinance as a legitimate interest of the administrator, which is the marketing of its own services.

g. Processing purposes - conducting the contest, publishing the results of the contest, distributing prizes

Legal basis for processing - Article 6(1)(b) of the Regulation

h. Processing purposes- keeping the administrator's accounts, issuing invoices and accounting documents

Legal basis for processing - Article 6(1)(b) of the Regulation

i. Processing purposes - mailing, receipt and recording of correspondence

j. Information on product recovery and product safety warnings in accordance with the requirements of Regulation (EU) 2023/988 of the European Parliament and of the Council of May 10, 2023 on general product safety, amending Regulation (EU) No. 1025/2012 of the European Parliament and of the Council and Directive (EU) 2020/1828 of the European Parliament and of the Council and repealing Directive 2001/95/EC of the European Parliament and of the Council and Council Directive 87/357/EEC (OJ EU.L.2023.135.1, 2023.05.23 - Legal basis for processing - Article 6(1)(c).

How are personal data obtained?

Personal data is obtained directly from you.

To whom are personal data transferred?

In order to ensure proper organization, service and performance of contracts, your personal data may be transferred to the following categories of recipients:

1. service providers supplying the Administrator with technical or organizational solutions to enable sales or services to you, or to manage the organization (in particular, ICT service providers, courier or postal companies, payment intermediary companies),

2. to providers of legal and advisory services and to support the Administrator in the collection of due claims (in particular, law firms, debt collection companies),

3. providers of accounting services in order to fulfill accounting obligations.

Is or will personal data be transferred outside the European Union?

Due to the fact that the controller uses third-party providers, e.g. for hosting or IT systems, your personal data may be transferred outside the European Union. In this case, appropriate measures will be taken to secure your personal data.

For how long will your personal data be processed?

Your personal data will be processed by the Administrator for the time necessary for the performance of the contract, and in the case of data processing for the purpose of claiming damages (e.g. in debt recovery proceedings) - for the period of the statute of limitations for claims under civil law. We process data for accounting purposes and for tax reasons for 5 years calculated from the end of the calendar year in which the tax obligation arose. After the expiration of the above-mentioned periods, your data is deleted or anonymized.

What rights do persons whose personal data is processed have?

You have the right to request from the Administrator access to your data, rectification, deletion or restriction of processing. You may exercise the right to object to the Administrator against the processing of your data, and the right to data portability to another data controller. You also have the right to lodge a complaint with a data protection supervisory authority.

Is the provision of personal data a statutory or contractual requirement or a condition for entering into a contract?

The use of the Administrator's services, including the conclusion of a contract with the Administrator in the scope of its activities, is entirely voluntary, however, as a business, the Administrator is obliged to perform the contract or keep records in the manner prescribed by law, including with the use of your personal data. Your provision of personal data may be a contractual obligation or a condition for entering into a contract. Also, for accounting or tax reasons, the Administrator has a legal obligation to process your data, which means that in this case the provision of data is a statutory requirement. 

Is the data subject obliged to provide the data and what are the possible consequences of not providing the data?

Failure to provide data may result in a refusal to perform a contract due to the impossibility of its execution. For accounting or tax reasons, failure to provide data may result, for example, in the inability to issue an invoice or accounting document in your favor.

Is automated decision-making, including profiling, used? 

The Administrator does not use automated decision-making, including profiling.

Do you have the right to delete all data from the database (right to forget)?

The Administrator in this situation is obliged to fulfill it without delay if one of the following conditions is met:

a. personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

b. the data subject has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;

c. the data subject objects under Article 21(1) to the processing and there are no overriding legitimate grounds for the processing; or d. the data subject objects under Article 21(2) to the processing;

e. the personal data has been processed unlawfully - requires written justification 

f. the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the controller is subject;

g. the personal data was collected in connection with the offering of information society services referred to in Article 8(1) of the RODO.

Legal basis - Article 17. of the RODO, whose data are processed have the right to notify the controllers of the personal data to request their deletion without delay. 

Will personal data be processed for a purpose other than the purpose for which the personal data was collected?

Personal data will not be processed for a purpose other than that for which it was collected

Legal basis for the transfer of information - Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119 of 4.5.2016, referred to as the "Regulation").