privacy policy

ONLINE STORE PRIVACY POLICY 

www.affiche.pl

Ewelina Dziedzic, the owner of the Online Store, respects the trust of her customers by storing their data with the utmost care and maintaining security standards, protecting it from unauthorized access. To this end, she has created a Privacy Policy outlining the principles applied to the collection, processing, and use of the Online Store's customer data. This document is for informational purposes only and does not constitute a source of obligations for the Online Store's customers or service recipients.

  1. INFORMATION COLLECTED AND HOW IT IS USED
    1. The Store is committed to protecting personal data in accordance with applicable law.
    2. Customer data will be processed, stored and secured in accordance with applicable law, and Customers of the www.affiche.pl Online Store have the right to view their data, correct it and discontinue its use.
    3. The www.affiche.pl online store requires the Customer to provide the minimum information necessary to properly process the order. This information will not be shared, lent, or sold to third parties.
    4. To fulfill an order, it is necessary to share certain customer data with a courier company or other suppliers. This data is required to complete the delivery, and the companies carrying out the delivery are obligated to use this data only to ensure the smooth delivery process.

  1. COOKIES
    1. A cookie is a text file that is saved on the Client's computer's hard drive via a web browser. A cookie is not used to collect the Client's personal data, and therefore, it is not possible to identify the Client based on its content.
    2. By using the HELP function located in the menu bar of most web browsers, the Customer will obtain information on how to prevent the browser from accepting new cookies, how to set the browser to notify about the receipt of new cookies, and how to completely disable the storage of cookies on the hard drive.
    3. Your browser's cookie settings are important for consenting to the use of cookies by the Online Store. According to the regulations, such consent can also be expressed through your browser settings. If you do not consent, you must change your browser settings accordingly.
      regarding cookies.
    4. If cookies are disabled, some functions or services of the www.affiche.pl Online Store may not function properly.
    5. The www.affiche.pl Online Store also processes anonymized operational data related to the use of the Online Store (IP address, domain) to generate statistics that aid in the administration of the Online Store. This data is aggregated and anonymous, meaning it does not contain any features that identify visitors to the Online Store. This data is not disclosed to third parties.

  1. EXTERNAL LINKS
    1. The www.affiche.pl online store may contain links to other websites and is not responsible for the privacy practices and policies of those other websites. Please exercise caution when leaving the store and ensure you read the privacy statements on each other website.

  1. PRIVACY POLICY CHANGES
    1. The Privacy Policy may change from time to time. Any changes to the Privacy Policy will be posted on this page. 
    2. If you have any additional questions or concerns regarding this Privacy Policy, please contact us by email: affiche.contact@gmail.com

  1. PERSONAL DATA PROCESSING 

Taking into account the principles of personal data protection resulting from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR), below we present the most important information related to the collection
and processing of personal data of Customers and Service Users of the Online Store www.affiche.pl.

    1. ADMINISTRATOR

The controller of personal data is AFFICHE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ entered into the National Court Register under KRS number 0001117557, with its registered office address: Szkolna 7, 46-233 Bąków, Poland, NIP 7511790952, REGON 529198975, e-mail address: affiche.contact@gmail.com , telephone number: +48 531317562. The controller processes personal data in accordance with applicable regulations and with appropriate technical and organizational measures that meet the requirements of Polish law.

    1. CATALOG OF DATA COLLECTED BY THE AFFICHE.PL ONLINE STORE
  • name and surname;
  • residential address, correspondence address;
  • phone number;
  • email address;
  • bank account number (in case of refund).

The personal data indicated above are collected when using the online store www.affiche.contact@gmail.com  as a Service Recipient or Customer. Personal data is collected through:

  • registration in the Online Store when creating a Customer Account;
  • verification and identification, including when logging in;
  • fulfillment of orders placed via the Online Store;
  • sending e-mails informing you of your willingness to place an order;
  • telephone call and the desire to place an order in the Online Store;
  • commenting on products by submitting reviews or commenting on blog posts;
  • using the functionality of the Online Store.

    1. PURPOSE OF COLLECTION AND PROCESSING OF PERSONAL DATA
  • Using the functionality of the Online Store (including: creating an account, logging in to it and using it).
  • Placing and processing orders in the Online Store.
  • Sending information about changes to the Regulations.
  • Handling the complaints process.
  • Sending commercial information electronically – if the Customer gives separate consent.
  • Conducting correspondence with the client.
  • Information about promotions.
  • Conducting competitions.
  • Preparation of accounting documentation, including issuing invoices.
  • Fulfillment of other obligations arising from the provisions of generally applicable law.

    1. LEGAL BASIS FOR PERSONAL DATA PROCESSING
    • Article 6(1)(a) of the GDPR – in the event of consent to receiving commercial information;
    • Article 6(1)(b) of the GDPR – in a situation where data processing is necessary for the performance of a contract,
    • Article 6(1)(c) of the GDPR – in a situation where processing is necessary to comply with a legal obligation to which the Controller is subject, 
    • Article 6(1)(f) of the GDPR – where data processing is necessary for the purposes of legitimate interests pursued by us or by a third party.

    Providing personal data is voluntary, however, failure to provide personal data or incomplete provision may prevent you from using the functionality of the Online Store.
    In particular, without providing all data, the contract may not be concluded.

      1. OTHER RECIPIENTS OF PERSONAL DATA

    The personal data of Service Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

      • carriers / forwarders / courier brokers - in the case of a Client who uses
        in the Online Store from the method of delivery of the Product by post or courier, the Administrator makes the collected personal data of the Customer available to the selected carrier, forwarder or intermediary carrying out shipments on behalf of the Administrator to the extent necessary to complete the delivery of the Product to the Customer;
      • entities handling electronic payments or payment cards - in the case of a Customer who uses electronic payments or payment cards in the Online Store, the Administrator makes the collected personal data of the Customer available to the selected entity handling the above payments in the Online Store at the request of the Administrator
        to the extent necessary to process payments made by the Customer;
      • lending entities/lessors - in the case of a Customer who uses the instalment payment or leasing payment method in the Online Store, the Administrator makes the collected personal data of the Customer available to the selected lender or lessor handling the above payments in the Online Store at the request of the Administrator to the extent necessary to process the payment made by the Customer;
      • service providers supplying the Administrator with technical, IT and organizational solutions that enable the Administrator to conduct business activities,
        including the Online Store and the Electronic Services provided via it (in particular the supplier of computer software for running the Online Store, the e-mail and hosting provider, and the supplier of software for managing the company and providing technical support to the Controller) - the Controller makes the collected personal data of the Customer available to a selected supplier acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy;
      • providers of accounting, legal and advisory services providing the Controller with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company) - the Controller makes the collected personal data of the Client available to a selected supplier acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

        1. PERSONAL DATA STORAGE PERIOD 

      Personal data collected in connection with your use of the Online Store (including by placing orders) will be stored for the period necessary to fulfill financial reporting obligations (tax settlements). Personal data obtained as a result of consenting to receive commercial information will be stored for a period of 10 years.

        1. RIGHTS OF THE DATA SUBJECT 
        • Right of access, rectification, restriction, erasure, or portability - the data subject has the right to request from the Controller access to their personal data, rectification, erasure ("right to be forgotten") , or restriction of processing, and has the right to object to processing, as well as the right to transfer their data. Detailed conditions for exercising the above-mentioned rights are set out in Articles 15-21 of the GDPR.
        • The right to withdraw consent at any time – a person whose data is processed by the Controller on the basis of expressed consent (pursuant to Art. 6 sec. 1 letter a) or Art. 9 sec. 2 letter a) of the GDPR Regulation) has the right to withdraw consent
          at any time without affecting the lawfulness of processing based on consent before its withdrawal.
        • The right to lodge a complaint with a supervisory authority – an individual whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
        • Right to object - a data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them based on Article 6(1)(e) (public interest or task) or (f) (legitimate interest of the controller), including profiling based on these provisions. In such a case, the controller is no longer permitted to process the personal data unless they demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
        • Prawo do sprzeciwu dot. marketingu bezpośredniego - jeżeli dane osobowe są przetwarzane na potrzeby marketingu bezpośredniego, osoba, której dane dotyczą, ma prawo w dowolnym momencie wnieść sprzeciw wobec przetwarzania dotyczących jej danych osobowych na potrzeby takiego marketingu, w tym profilowania, w zakresie,
          to the extent that processing is related to such direct marketing.

        In order to exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or by e-mail to the Administrator's address indicated at the beginning of the privacy policy.

        If an individual requests access to their personal data, rectification, erasure, restriction of processing, objection to processing, data portability, or non-submission of a decision based solely on automated data processing, the Controller will provide information on the actions taken in response to the request without undue delay, no later than 30 days from receipt of the request. If necessary, due to the complex nature of the request or the number of requests, the Controller may extend the response period by another 30 days. Within 30 days of receipt of the request, the Controller will inform the recipient of the extension, stating the reasons for the delay. If the request is submitted electronically, the Controller's feedback will be  also transmitted electronically, unless the person requests a different form.

        The provision of information is free of charge.

        If the Customer or the Service Provider becomes aware of a data protection breach, they are obliged to immediately notify the Administrator.