- Any words, expressions and acronyms that appear in this document and start with a capital letter (e.g. Seller, Online Store/Store, Electronic Service, etc.) shall be understood in accordance with their definitions included in the Terms and Conditions of the Store available on the website of the Store.
- The Administrator of personal data collected through the Online Store https://dadastudio.pl is Dada Studio Michał Jarociński (hereinafter also referred to as the "Seller") entered into the Central Registration and Information on Business Record of the Republic of Poland kept by the minister in charge of economy, with the place of business and address for service at: Miła 5a, 05-082 Babice Nowe, Poland, NIP PL9511919298, REGON 016268575, e-mail address: firstname.lastname@example.org, phone number: +48 501 160 590, hereinafter referred to as the "Administrator".
- Personal data of the Service User and the Customer are processed pursuant to the Personal Data Protection Act of 29 August 1997 (Dz.U. [Journal of Laws] No. 133, item 883, as amended) (hereinafter referred to as: the Personal Data Protection Act) and the Act on Provision of Electronic Services of 18 July 2002 (Journal of Laws of 2002, No. 144, item 1204 as amended).
- The Administrator shall protect the interests of data subjects with due care and, in particular, ensure that the data collected are processed in accordance with the law for specified, lawful purposes, and that data are no further processed in a way incompatible with the intended purposes, the data are relevant and adequate to the purposes for which they are processed, and they are stored in a form which allows identification of data subjects, no longer than it is necessary for the purposes for which they are processed.
- Any words, expressions and acronyms that appear in this document and start with a capital letter (e.g. Seller, Online Store/Store, Electronic Service) shall be understood in accordance with their definitions included in the Terms and Conditions of the Store available on the website of the Store.
Purpose and scope of data collection and data recipients
- Each time, the purpose, scope, and recipients of the data processed by the Administrator result from actions taken by the Service User or the Customer in the Online Store. For example, if the Customer, when placing an Order, selects personal collection instead of the courier service, his/her personal data will be processed for the purpose of conclusion and performance of the Sales Contract, but will not be made available to the carrier performing the delivery on behalf of the Administrator.
The possible purposes of collecting personal data of Service Users or Customers by the Administrator:
- conclusion and performance of the Sales Contract or the Contract for Provision of Electronic Services (e.g. Account).
- direct marketing of own products or services provided by the Administrator.
- expressing opinion by the Customer on the concluded Sales Contract.
- The Administrator provides the collected Customer's personal data to the selected companies processing payments made in the Online Store.
- The Administrator may process the following personal data of Service Users or Customers using the Online Store: first and last name; e-mail address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country), address of residence/place of business/registered seat (if different from delivery address). In the case of Service Users or Customers who are not consumers, the Administrator may also process the company name and tax identification number (NIP) of the Service User or the Customer.
- Providing personal data referred to in sec. 2.4 above may be necessary for the conclusion and performance of the Sales Contract or the Contract for Provision of Electronic Services in the Online Store. Each time, the scope of data required to conclude the contract shall be previously indicated on the website of the Online Store and in the Terms and Conditions of the Online Store.
Cookies and operational data
- Cookies are small bits of text information in the form of text files sent by the server and saved on a device of a visitor of the Online Store website (e.g. on the hard drive of a computer, a laptop or on a smartphone memory card – depending on what device is used by a visitor of our Online Store). Detailed information on Cookies, as well as the history of their creation can be found, among others, here.
The Administrator may process data contained in Cookies when using the Online Store website by visitors for the following purposes:
- identification of Service Users as logged into the Online Store and showing that they are logged in;
- saving Products added to the shopping cart so that an Order can be placed;
- saving data from the Order Forms, surveys or data used for logging into the Online Shop;
- customising content of the Online Store to individual preferences of the Service User (e.g. concerning colours, font size, site layout) and optimising the use of the Online Store websites;
- keeping anonymous statistics showing how the website of the Online Store is used.
- The details on how to change Cookies settings and how to delete Cookies in the most popular web browsers are available after clicking on "Help" in a web browser and on the following websites (just click on the link).
- The Administrator also processes anonymised operational data related to the use of the Online Store (the so-called logfiles – IP address, domain) to generate statistics to help in the administration of the Online Store. These data are cumulative and anonymous, i.e. they do not contain any identifying characteristics of visitors of the website of our Online Store. The logfiles are not disclosed to third parties.
Basis for data processing
- Providing personal data by the Service User or the Customer is voluntary, but failing to provide personal data indicated on the website of the Online Store and in the Terms and Conditions required for conclusion and performance of the Sales Contract or the Contract for Provision of Electronic Services shall make it impossible to conclude this contract.
- Processing personal data of the Service User or the Customer is necessary for the contract performance to which he/she is a party or taking actions before its conclusion at his/her request. In the case of data processing for the purpose of direct marketing of own products or services rendered by the Administrator, the basis for such processing shall be (1) the prior approval of the Service User or the Customer, or (2) the fulfilment of legally justified objectives pursued by the Administrator (in accordance with Article 23, paragraph 4 of the Personal Data Protection Act, legally justified objectives are, in particular, direct marketing of own products or services rendered by the Administrator).
- In the case of data processing for the purpose of obtaining an opinion expressed by the Customer on the Sales Contract concluded, such processing shall be based on the consent of the Service User or the Client.
The right to control, access data and correct them
- The Service User or the Customer has the right to access their personal data and correct them.
- Every person has the right to control the processing of data concerning them, contained in the data set of the Administrator, and, in particular, the right to: request amendment, update, or correction of personal data, temporary or permanent suspension of their processing or removal if they are incomplete, outdated, untrue or collected in violation of the law, or are no longer necessary for the purpose for which they were collected.
- If the Customer or the Service Recipient consents to the processing of data for the purpose of direct marketing of own products or services provided by the Administrator, the consent may be revoked at any time.
- If the Administrator intends to process or processes data of the Service User or the Customer for the purpose of direct marketing of own products or services provided by the Administrator, the data subject is also entitled to (1) submit a written, substantiated request to stop processing the data due to particular circumstances, or to (2) object to the processing of data.
- The administrator shall use technical and organisational measures to protect the processed personal data accordingly to the risks and the category of data under protection and, in particular, shall protect data against unauthorized disclosure, unauthorized access, processing in violation of applicable laws as well as change, loss, damage or destruction.
The Administrator shall provide the following technical measures preventing unauthorised access to and modification of personal data sent electronically:
- Data set protection against unauthorised access.
- Access to an Account only after providing an individual username and a password.