PRIVACY POLICY
§1 [Definitions]
- Administrator – Dariusz Wichrowski, conducting business under the name Dariusz Wichrowski, Wichowo 31A, 87-600 Lipno, TIN: 8931307288, REGON: 341361389.
- User/Customer – any natural person visiting the Site or using one or more services offered by the Administrator.
- Service – the website operated by the Administrator.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- Policy – this Privacy Policy.
§2 [Privacy Policy]
The confidentiality of data and the protection of the privacy of our Customers is a priority issue for us. Therefore, out of concern for the security of their data and respecting the applicable laws, the Administrator has established a policy setting out the rules on how we collect, process and use personal data.
The Policy is addressed to:
- Individuals using the Service
- Clients and contractors
- Potential customers
- Recipients of marketing content
- Individuals acting on behalf of clients
§3 [Administrator]
The Administrator of the personal data is Dariusz Wichrowski, doing business under the name Dariusz Wichrowski, Wichowo 31A, 87-600 Lipno, TIN: 8931307288, REGON: 341361389.
§4 [What is personal data?]
Personal data is, according to the GDPR, information about an identified or identifiable natural person. In the case of the use of our Service, such data are, for example, your e-mail address, IP address or your data in an e-mail account or account in another service offered by the Administrator. Personal data may be stored in cookies or similar technologies (e.g., local storage) installed by the Administrator on websites and devices that you use when using its services.
§5 [Data sources, basis and purpose of processing]
- The Administrator obtains data directly from data subjects, for example, in connection with the User’s contacting the Administrator through contact forms available on the Service.
- Data of persons acting on behalf of clients and customers may be provided to the Administrator in the content of contracts or orders concluded.
- The Administrator specifies that in order to establish cooperation or verify the registration data of a client/contractor, the Administrator may obtain data from publicly available sources, collections or registers, including but not limited to:
- National Court Registry
- the Central Register and Information on Economic Activity, while such data shall be consistent with the scope of publicly available data.
- Processing of personal data requires a legal basis. GDPR provides several types of legal bases for data processing, and in cases of using the Administrator’s services, three of them will generally apply:
- Based on Article 6(1)(b) and (c) GDPR for the purpose of:
- taking actions – at the request of the data subject or to perform a contract to which the data subject is a party – before entering into a contract,
- fulfilling a legal obligation incumbent on the Administrator,
- handling complaints and withdrawals from concluded contracts.
- Based on the legitimate interest of the Administrator (Article 6(1)(f) GDPR) for the purpose of:
- offering and servicing own products or services,
- pursuing or securing claims belonging to the Administrator,
- for analytical and statistical purposes
- for the Administrator’s marketing purposes (sending commercial information electronically and telemarketing activities).
- Based on separate consent (based on Article 6(1)(a) GDPR) for the purpose of:
- providing the client with information about proposed changes to the Agreement, including the Regulations, about changes in name (company), address, or registered office, confirming the acceptance of a complaint and providing a response to it at the indicated email address (e-mail),
- direct marketing of the Administrator’s own products or services. Direct marketing referred to in points a) and b) above may be carried out using electronic communication means (e.g., SMS, MMS, e-mail) and telecommunications end devices (e.g., decoder, telephone, tablet).
- Personal data will be processed only if one of the legal bases permitted by the GDPR is available and only for the purpose tailored to the given basis, in accordance with the content of paragraph 4 of this section.
§6 [Scope of personal data collected]
The Administrator collects and processes, among others, the following personal data:
- basic personal data (name, address, ID card/passport number, PESEL, bank account number) for the purpose of concluding or performing a contract, as well as providing services,
- contact details (telephone number and e-mail address) processed in the case of inquiries sent from the contact form available on the Service,
- payment data (e.g., credit card data or payment tokens from external payment service providers), identifying data of the payer (name, address in the case of individual customers, and company name, registered office address, and tax identification number in the case of corporate customers) for the purpose of posting payments and issuing the appropriate sales document.
§7 [Retention period of personal data]
- Personal data processed for the purpose of concluding or performing a contract and fulfilling the legal obligation of the Administrator will be stored for the duration of the contract and for five years after its termination, and after its expiry for the period necessary to:
- after-sales customer service,
- securing or pursuing claims belonging to the Administrator,
- fulfilling the legal obligation of the Administrator.
- Personal data processed for the purposes of marketing the Administrator’s own products or services based on a legitimate interest will be processed until objection is raised by the person whose data are processed.
- Personal data processed based on separate consent will be stored until it is withdrawn.
§8 [User’s rights]
- Rights of the data subject:
- the right to access their personal data, i.e., the right to obtain confirmation whether the Administrator processes data and information about such processing,
- the right to rectify data if the processed data are incorrect or incomplete,
- the right to request the erasure of data, restriction of processing,
- the right to object to the processing based on the legitimate interest of the Administrator or processing for direct marketing purposes,
- the right to lodge a complaint with the Polish supervisory authority or the supervisory authority of another EU Member State, competent due to the habitual residence or work of the person whose data are processed, or due to an alleged violation of the GDPR,
- withdrawing any consent given to the Administrator at any time, with the withdrawal of consent not affecting processing carried out by the Administrator before its withdrawal.
- The rights listed above can be exercised by contacting the Administrator, via e-mail: kontakt@designforkids.pl.
§9 [Data collected automatically]
During visits to the Service, data concerning the User’s activity, such as IP address, browser type, operating system type, are automatically recorded. This data is used solely for administrative and statistical purposes. The transmission of personal data and communication with our servers is encrypted and carried out using the SSL (Secure Socket Layer) protocol.
§10 [Cookies]
- The Administrator uses Cookies technology. Cookies are information packets saved on the User’s device through the Service, typically containing information consistent with the purpose of the respective file, by which the User uses the Service.
- The Administrator utilizes two types of Cookies:
- session cookies, which are permanently deleted when the User’s browser session ends,
- persistent cookies, which remain on the User’s device after the browser session ends until they are deleted.
- Based on Cookies, both session and persistent, it is not possible to determine the User’s identity. The Cookies mechanism does not allow the retrieval of any personal data. The User can independently change the Cookie settings at any time by specifying the conditions for their storage, through the settings of the web browser or by configuring the service, according to the manufacturer’s instructions, although this may result in the unavailability of some or all of the Service’s functions. The Administrator uses Cookies, among other things, to authenticate the User on the Service, maintain sessions, customize the content of pages to the User’s preferences, and create statistics (anonymous) allowing for optimizing the usability of the Service, through analytical tools such as Google Analytics, analysis, and viewership studies, as well as providing advertising services.
- The User can delete Cookies at any time using the available functions in the web browser they use.
§11 [Social Media Platforms]
The Administrator processes the personal data of Users visiting profiles maintained on social media platforms (Facebook, YouTube, Instagram, Twitter). This data is processed solely in connection with managing the profile, including informing Users about the Administrator’s activities and promoting various events, services, and products, as well as communicating with Users through functionalities available on social media platforms. The legal basis for the Administrator’s processing of personal data for this purpose is its legitimate interest (Article 6(1)(f) GDPR) in promoting its own brand and building and maintaining a community associated with the brand.
§12 [Data Recipients]
In connection with the provision of services, personal data will be disclosed to external entities, including providers responsible for IT system maintenance, entities such as banks and payment operators, entities providing accounting, legal, auditing, consulting services, couriers (in connection with order fulfillment), marketing agencies (for marketing services), and contractors of the Administrator to the extent necessary for the performance of a contract concluded with the User. With the User’s consent, their data may also be shared with other entities for their own purposes, including marketing purposes. The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties that request such information, based on the appropriate legal basis and in accordance with applicable law.
§13 [Transfer of Data outside the European Union]
As the Administrator may use services of other providers, personal data may be transferred outside the territory of the European Union. In such a case, the transfer of data will be based on an appropriate agreement between the Administrator and the respective entity, containing standard data protection clauses adopted by the European Commission.
§14 [Contact Regarding Personal Data]
Any inquiries or requests regarding personal data can be submitted to the Administrator:
- by sending an email to the address: kontakt@designforkids.pl,
- through the contact form available on the Service.
